CVE-2024-2334

The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with autho...

PT-2024-19819 · WordPress · The Template Kit

Name of the Vulnerable Software and Affected Versions: The Template Kit – Import plugin for WordPress versions prior to 1.0.15 Description: The issue arises from insufficient input sanitization and output escaping in the template upload functionality, allowing authenticated attackers with author...

WordPress Template Kit – Import plugin <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template upload vulnerability

AuthenticatedAuthor+ Stored Cross-Site Scripting via template upload vulnerability discovered by Colin Xu in WordPress Plugin Template Kit – Import versions = 1.0.14...

CVE-2021-4330

The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for...

CVE-2021-4330

CVE-2021-4330 affects WordPress plugins “Template Kit – Import” (up to 1.0.13) and “Envato Elements & Download” (up to 2.0.10). The root cause is insufficient validation of file types during Zip extraction in the installFreeTemplateKit and uploadTemplateKitZipFileFile functions, enabling attacker...