Lucene search
K

27 matches found

CNNVD
CNNVD
added 2023/10/16 12:0 a.m.1 views

WordPress plugin WP Attachments Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.6AI score0.00214EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/06 12:0 a.m.7 views

PT-2023-15993 · WordPress · Download Attachments

Name of the Vulnerable Software and Affected Versions: Download Attachments WordPress plugin versions prior to 1.3 Description: The issue concerns the Download Attachments WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page o...

5.4CVSS5.2AI score0.00482EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/01/16 12:0 a.m.4 views

PT-2023-14189 · WordPress · Wp Attachments

Name of the Vulnerable Software and Affected Versions: WP Attachments WordPress plugin versions prior to 5.0.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...

4.8CVSS4.6AI score0.0047EPSS
Exploits2References4
OSV
OSV
added 2022/11/14 3:15 p.m.2 views

CVE-2022-3469

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

4.8CVSS5.8AI score0.00532EPSS
Exploits2References1
CVE
CVE
added 2016/01/08 8:0 p.m.65 views

CVE-2015-4694

CVE-2015-4694 affects the WordPress Zip Attachments plugin (versions before 1.5.1). A directory traversal flaw in download.php (za_file parameter) allows an attacker to read arbitrary files. Public references describe this as an arbitrary file retrieval/vulnerability in the plugin. Remediation: u...

8.6CVSS8.3AI score0.15646EPSS
Exploits2References7Affected Software1
CNVD
CNVD
added 2015/06/26 12:0 a.m.3 views

WordPress Zip Attachments Plugin Arbitrary File Download Vulnerability

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An arbitrary file download vulnerability exists in the WordPress Zip Attachments plugin, which allows remote attackers to exploit the vulnerability by submitting a...

7AI score
Exploits0References1
Atlassian
Atlassian
added 2012/11/29 12:41 p.m.31 views

UploadAttachmentsAction XSRF

The UploadAttachmentsAction action is declared to use a validatingStack interceptor chain, but does not use the RequiresSecurityToken element, leaving it open to an XSRF attack. If this were exploited, an attacker could force a user’s browser to upload files into a space they have write permissio...

2.4AI score
Exploits0Affected Software1
Rows per page
Query Builder