12 matches found
CVE-2024-13706
The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-13720
The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gkyimageuploadermainfunction function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on...
CVE-2024-13707
CVE-2024-13707 affects the WordPress plugin WP Image Uploader (versions up to 1.0.1). The vulnerability is a Cross-Site Forgery vulnerability caused by missing/incorrect nonce validation in gky_image_uploader_main_function(), enabling unauthenticated attackers to delete arbitrary files via a forg...
CVE-2024-13707 WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion
The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the gkyimageuploadermainfunction function. This makes it possible for unauthenticated attackers to delete...
CVE-2024-13707 WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion
The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the gkyimageuploadermainfunction function. This makes it possible for unauthenticated attackers to delete...
CVE-2024-13720
CVE-2024-13720 concerns the WordPress plugin WP Image Uploader, affected versions up to and including 1.0.1. The issue is an insufficient file path validation in gky_image_uploader_main_function(), enabling unauthenticated attackers to delete arbitrary files on the server (potential path traversa...
CVE-2024-13720 WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gkyimageuploadermainfunction function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on...
CVE-2024-13720 WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gkyimageuploadermainfunction function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on...
CVE-2024-13706
The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-13706 WP Image Uploader <= 1.0.1 - Reflected Cross-Site Scripting
The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-13706 WP Image Uploader <= 1.0.1 - Reflected Cross-Site Scripting
The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress plugin WP Image Uploader 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin.... A cross-site scripting...