CVE-2026-3335

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

CVE-2026-3335 Canto <= 3.1.1 - Missing Authorization to Unauthenticated File Upload

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

PT-2026-26851

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

CVE-2024-9220

The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2024-9220

The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2024-9220

The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2024-9220 LH Copy Media File <= 1.08 - Reflected Cross-Site Scripting

The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2024-9220

CVE-2024-9220 affects the WordPress plugin LH Copy Media File (versions up to and including 1.08). Root cause: improper escaping in add_query_arg leads to a Reflected XSS vulnerability, allowing unauthenticated attackers to inject scripts if a user is tricked into clicking a crafted link. Public ...

CVE-2024-9220 LH Copy Media File <= 1.08 - Reflected Cross-Site Scripting

The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

WordPress LH Copy Media File plugin <= 1.08 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin LH Copy Media File versions = 1.08...

PT-2024-39499 · WordPress · Lh Copy Media File

Name of the Vulnerable Software and Affected Versions: LH Copy Media File plugin for WordPress versions up to, and including, 1.08 Description: The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping ...

WordPress plugin LH Copy Media File 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

WordPress LH Copy Media File Plugin <= 1.08 is vulnerable to Cross Site Scripting (XSS)

Software LH Copy Media File Type Plugin Vulnerable versions = 1.08 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9220 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f98d57ff7d4d Credits Colin Xu Required...