CVE-2025-34437

AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects...

CVE-2025-34437

AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects...

AVideo 安全漏洞

AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions prior to 20.0, which stems from a lack of ownership checks on endpoints, and could lead to authenticated users uploading comment images to other users'...

PT-2025-51889

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description AVideo versions prior to 20.1 allow any authenticated user to upload comment images to videos owned by other users. The ''/comment images'' endpoint validates authentication but does not verify...

EUVD-2017-9677

Malware in sbrugna...

CVE-2017-18561

The embed-comment-images plugin before 0.6 for WordPress has XSS...

WordPress Comment Images Reloaded plugin <= 2.2.1 - Authenticated (Subscriber+) Arbitrary Media Deletion vulnerability

Authenticated Subscriber+ Arbitrary Media Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Comment Images Reloaded versions = 2.2.1...

CVE-2024-5856

The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cirdeleteimage AJAX action in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

PT-2024-37195 · WordPress · Comment Images Reloaded

Name of the Vulnerable Software and Affected Versions: Comment Images Reloaded plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to a missing capability check on the cir delete image AJAX action. This allows authenticated attackers with Subscriber-level...

WordPress Comment Images Reloaded Plugin <= 2.2.1 is vulnerable to Broken Access Control

Software Comment Images Reloaded Type Plugin Vulnerable versions = 2.2.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-5856 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a3534aef50ef Credits Lucio Sá Required...

WordPress embed-comment-images plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. embed-comment-images is a plugin that supports embedding image links in comments. A cross-site scripting vulnerability exists in the...

CVE-2017-18561

The embed-comment-images plugin before 0.6 for WordPress has XSS...

CVE-2017-18561

The CVE-2017-18561 entry concerns the WordPress plugin embed-comment-images with an XSS vulnerability in versions before 0.6. Connected sources consistently describe Cross-Site Scripting in this plugin, evidenced by references noting XSS and a PoC demonstrating an image tag-based vector (e.g., un...