11 matches found
CVE-2025-14045
The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the urlmediauploaderurluploadajaxhandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2025-14045 URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload
The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the urlmediauploaderurluploadajaxhandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2025-14045 URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload
The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the urlmediauploaderurluploadajaxhandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2025-14045
CVE-2025-14045 affects the URL Media Uploader plugin for WordPress. A missing capability check in url_media_uploader_url_upload_ajax_handler() allows authenticated users with Contributor+ access to upload safe media files across all versions up to 1.0.1. Remediation suspected: upgrade to 1.0.1 or...
WordPress plugin URL Media Uploader 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress URL Media Uploader plugin <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload vulnerability
Missing Authorization to Authenticated Contributor+ Safe File Upload vulnerability discovered by jsonc in WordPress Plugin URL Media Uploader versions = 1.0.1...
CVE-2025-1662
CVE-2025-1662 is an SSRF flaw in the WordPress plugin URL Media Uploader (
CVE-2025-1662 URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding
The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'urlmediauploaderurlupload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrar...
CVE-2025-1662 URL Media Uploader <= 1.0.0 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebinding
The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'urlmediauploaderurlupload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrar...
WordPress plugin URL Media Uploader 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2025-9081 · WordPress · Url Media Uploader
Name of the Vulnerable Software and Affected Versions: URL Media Uploader plugin for WordPress versions prior to 1.1.0, or more specifically, version 1.0.0 and earlier Description: The issue allows authenticated attackers with author-level access and above to perform Server-Side Request Forgery v...