Lucene search
K

11 matches found

NVD
NVD
added 2025/12/12 4:15 a.m.10 views

CVE-2025-14045

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the urlmediauploaderurluploadajaxhandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

4.3CVSS0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/12 3:20 a.m.30 views

CVE-2025-14045 URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the urlmediauploaderurluploadajaxhandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

4.3CVSS0.00196EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.2 views

CVE-2025-14045 URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the urlmediauploaderurluploadajaxhandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

4.3CVSS4.9AI score0.00196EPSS
Exploits0References4
CVE
CVE
added 2025/12/12 3:20 a.m.14 views

CVE-2025-14045

CVE-2025-14045 affects the URL Media Uploader plugin for WordPress. A missing capability check in url_media_uploader_url_upload_ajax_handler() allows authenticated users with Contributor+ access to upload safe media files across all versions up to 1.0.1. Remediation suspected: upgrade to 1.0.1 or...

4.3CVSS4.9AI score0.00196EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

WordPress plugin URL Media Uploader 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

4.3CVSS6.3AI score0.00196EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/11 10:11 p.m.6 views

WordPress URL Media Uploader plugin <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload vulnerability

Missing Authorization to Authenticated Contributor+ Safe File Upload vulnerability discovered by jsonc in WordPress Plugin URL Media Uploader versions = 1.0.1...

4.3CVSS6.7AI score0.00196EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/02/28 8:23 a.m.66 views

CVE-2025-1662

CVE-2025-1662 is an SSRF flaw in the WordPress plugin URL Media Uploader (

6.4CVSS6.2AI score0.00264EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/02/28 8:23 a.m.17 views

CVE-2025-1662 URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding

The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'urlmediauploaderurlupload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrar...

6.4CVSS0.00264EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/28 8:23 a.m.5 views

CVE-2025-1662 URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding

The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'urlmediauploaderurlupload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrar...

6.4CVSS6.2AI score0.00264EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/28 12:0 a.m.2 views

WordPress plugin URL Media Uploader 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

6.4CVSS8.4AI score0.00264EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/28 12:0 a.m.4 views

PT-2025-9081 · WordPress · Url Media Uploader

Name of the Vulnerable Software and Affected Versions: URL Media Uploader plugin for WordPress versions prior to 1.1.0, or more specifically, version 1.0.0 and earlier Description: The issue allows authenticated attackers with author-level access and above to perform Server-Side Request Forgery v...

6.4CVSS9.4AI score0.00264EPSS
Exploits0References8
Rows per page
Query Builder