24 matches found
containerd: OCI image importer memory exhaustion
A flaw was found in containerd. When importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service...
CVE-2025-14120
The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files. This makes it possible for authenticated attackers, with Author-level access and above, to injec...
CVE-2025-14120
The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files. This makes it possible for authenticated attackers, with Author-level access and above, to injec...
CVE-2025-14120 URL Image Importer <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files. This makes it possible for authenticated attackers, with Author-level access and above, to injec...
CVE-2025-14120 URL Image Importer <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files. This makes it possible for authenticated attackers, with Author-level access and above, to injec...
CVE-2025-14120
CVE-2025-14120 affects the URL Image Importer WordPress plugin and enables a Stored XSS via SVG uploads. Exploitation requires authenticated access at Author level or higher, affecting versions up to 1.0.7. Remediation: upgrade to version 1.0.7 (patched).
PT-2026-1410
Name of the Vulnerable Software and Affected Versions: URL Image Importer plugin for WordPress versions up to and including 1.0.7. Description: The URL Image Importer plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. Insufficient sanitization of SVG files...
WordPress plugin URL Image Importer cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site...
WordPress URL Image Importer plugin <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by bxdman in WordPress Plugin URL Image Importer versions <= 1.0.7...
WordPress URL Image Importer plugin <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload vulnerability
Authenticated Author+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin URL Image Importer versions 1.0-1.0.6...
CVE-2025-12138
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the...
CVE-2025-12138
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the...
CVE-2025-12138 URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the...
CVE-2025-12138
The WordPress URL Image Importer plugin (URL Image Importer) is affected up to version 1.0.6. Root cause: it relies on a user-controlled Content-Type header for upload validation, writing files before proper checks, enabling authenticated users with Author+ rights to upload arbitrary files and po...
CVE-2025-12138 URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the...
EUVD-2025-198403
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the...
PT-2025-47692
Name of the Vulnerable Software and Affected Versions: WordPress URL Image Importer plugin versions up to and including 1.0.6. Description: The WordPress URL Image Importer plugin is susceptible to arbitrary file uploads because of inadequate file type validation. The plugin depends on a...
WordPress plugin URL Image Importer code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
CVE-2024-31994 Mealie vulnerable to a DoS in recipe image importer (GHSL-2023-228)
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole leading to possible disk...
CVE-2024-31993 Mealie vulnerable to a GET-based SSRF in recipe image importer (GHSL-2023-227)
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrapeimage function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the...