12 matches found

RedhatCVE
added 2025/05/23 7:35 a.m. | 12 views

CVE-2024-13706

The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 6.4 | EPSS 0.00276
Exploits: 0 | References: 1

NVD
added 2025/01/30 2:15 p.m. | 13 views

CVE-2024-13720

The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on...

CVSS 9.1 | EPSS 0.00516
Exploits: 0 | References: 2

CVE
added 2025/01/30 1:41 p.m. | 50 views

CVE-2024-13707

CVE-2024-13707 affects the WordPress plugin WP Image Uploader (versions up to 1.0.1). The vulnerability is a Cross-Site Request Forgery vulnerability caused by missing or incorrect nonce validation in gky_image_uploader_main_function(), enabling unauthenticated attackers to delete arbitrary files via a forg...

CVSS 8.8 | AI score 8.4 | EPSS 0.00229
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/01/30 1:41 p.m. | 6 views

CVE-2024-13707 WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion

The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the gky_image_uploader_main_function function. This makes it possible for unauthenticated attackers to delete...

CVSS 8.8 | AI score 8.4 | EPSS 0.00229
Exploits: 0 | References: 2

Cvelist
added 2025/01/30 1:41 p.m. | 14 views

CVE-2024-13707 WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion

The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the gky_image_uploader_main_function function. This makes it possible for unauthenticated attackers to delete...

CVSS 8.8 | EPSS 0.00229
Exploits: 0 | References: 2

CVE
added 2025/01/30 1:41 p.m. | 47 views

CVE-2024-13720

CVE-2024-13720 concerns the WordPress plugin WP Image Uploader, affected versions up to and including 1.0.1. The issue is insufficient file path validation in gky_image_uploader_main_function(), enabling unauthenticated attackers to delete arbitrary files on the server (potential path traversa...

CVSS 9.1 | AI score 9.1 | EPSS 0.00516
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/01/30 1:41 p.m. | 6 views

CVE-2024-13720 WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion

The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on...

CVSS 8.8 | AI score 9.6 | EPSS 0.00516
Exploits: 0 | References: 2

Cvelist
added 2025/01/30 1:41 p.m. | 10 views

CVE-2024-13720 WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion

The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on...

CVSS 8.8 | EPSS 0.00516
Exploits: 0 | References: 2

NVD
added 2025/01/30 11:15 a.m. | 7 views

CVE-2024-13706

The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | EPSS 0.00276
Exploits: 0 | References: 2

Vulnrichment
added 2025/01/30 11:10 a.m. | 4 views

CVE-2024-13706 WP Image Uploader <= 1.0.1 - Reflected Cross-Site Scripting

The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 6 | EPSS 0.00276
Exploits: 0 | References: 2

Cvelist
added 2025/01/30 11:10 a.m. | 15 views

CVE-2024-13706 WP Image Uploader <= 1.0.1 - Reflected Cross-Site Scripting

The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | EPSS 0.00276
Exploits: 0 | References: 2

CNNVD
added 2025/01/30 12:0 a.m. | 3 views

WordPress plugin WP Image Uploader cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin.... A cross-site scripting...

CVSS 6.1 | AI score 8.2 | EPSS 0.00276
Exploits: 0 | References: 2