295 matches found
PT-2024-16872 · WordPress · Increase Maximum Upload File Size | Increase Execution Time Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress versions up to, and including, 1.1.3 Description: The issue allows authenticated attackers with author-level permissions and above to retrieve the full path of t...
CVE-2024-9442
The F4 Improvements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above...
WordPress PJW Mime Config plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin PJW Mime Config versions = 1.0...
CVE-2024-10269
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access a...
WordPress Easy SVG Upload plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Easy SVG Upload versions = 1.0...
CVE-2024-9848
The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...
CVE-2024-9452
The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inje...
CVE-2024-8967
The PWA — easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress AVIF & SVG Uploader plugin <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin AVIF & SVG Uploader versions = 1.1.0...
WordPress Slider Revolution plugin <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Slider Revolution versions = 6.7.18...
PT-2024-38806 · WordPress · Slider Revolution
Name of the Vulnerable Software and Affected Versions: Slider Revolution plugin for WordPress versions up to, and including, 6.7.18 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...
PT-2024-39447 · WordPress · King Ie
Name of the Vulnerable Software and Affected Versions: king IE plugin for WordPress version 1.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with...
PT-2024-37623 · WordPress · Premium Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.35 Description: The issue is related to Regular Expression Denial of Service ReDoS due to the processing of user-supplied input as a regular expression. Thi...
CVE-2024-5191
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimetypes’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-5527
The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...
CVE-2023-7073
The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the uploadtolibrary AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web reques...
PT-2024-17949 · WordPress · Custom Fonts – Host Your Fonts Locally
Name of the Vulnerable Software and Affected Versions: Custom Fonts – Host Your Fonts Locally plugin for WordPress versions up to, and including, 2.1.4 Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with author level or...
CVE-2024-2619
The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject...
PT-2024-22417 · WordPress · Enhanced Media Library
Name of the Vulnerable Software and Affected Versions: Enhanced Media Library plugin for WordPress versions up to, and including, 2.8.9 Description: The issue allows authenticated attackers with author-level access and above to inject arbitrary web scripts in pages via media upload functionality...
PT-2024-28236 · WordPress · 3D Flipbook
Name of the Vulnerable Software and Affected Versions: 3D FlipBook plugin for WordPress versions up to, and including, 1.15.4 Description: The issue is related to Stored Cross-Site Scripting via the Bookmark URL field due to insufficient input sanitization and output escaping. This allows...