CVE-2026-3335

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

CVE-2026-3335

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

CVE-2026-3335 Canto <= 3.1.1 - Missing Authorization to Unauthenticated File Upload

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

CVE-2026-3335

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

CVE-2026-3335 Canto <= 3.1.1 - Missing Authorization to Unauthenticated File Upload

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

PT-2026-26851

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the /wp-content/plugins/canto/includes/lib/copy-media.php file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and t...

EUVD-2025-8792

Malicious code in bioql PyPI...

CVE-2024-9220

The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2025-31583

Cross-Site Request Forgery CSRF vulnerability in Ashish Ajani WP Copy Media URL wp-copy-media-url allows Stored XSS.This issue affects WP Copy Media URL: from n/a through = 2.1...

WordPress WP Copy Media URL plugin <= 2.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin WP Copy Media URL versions = 2.1...

CVE-2025-31583

Cross-Site Request Forgery CSRF vulnerability in Ashish Ajani WP Copy Media URL wp-copy-media-url allows Stored XSS.This issue affects WP Copy Media URL: from n/a through = 2.1...

CVE-2025-31583 WordPress WP Copy Media URL plugin <= 2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Ashish Ajani WP Copy Media URL wp-copy-media-url allows Stored XSS.This issue affects WP Copy Media URL: from n/a through = 2.1...

CVE-2025-31583 WordPress WP Copy Media URL plugin <= 2.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Ashish Ajani WP Copy Media URL wp-copy-media-url allows Stored XSS.This issue affects WP Copy Media URL: from n/a through = 2.1...

CVE-2025-31583

CVE-2025-31583 : In WordPress plugin WP Copy Media URL (up to version 2.1), a CSRF vulnerability can lead to stored XSS. Root cause: CSRF enabling stored XSS via WP Copy Media URL. Impact details are as described in the initial document; no specific exploit paths or fixes are provided in the sour...

WordPress plugin WP Copy Media URL 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2024-9220

The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2024-9220

The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2024-9220 LH Copy Media File <= 1.08 - Reflected Cross-Site Scripting

The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2024-9220

CVE-2024-9220 affects the WordPress plugin LH Copy Media File (versions up to and including 1.08). Root cause: improper escaping in add_query_arg leads to a Reflected XSS vulnerability, allowing unauthenticated attackers to inject scripts if a user is tricked into clicking a crafted link. Public ...

CVE-2024-9220 LH Copy Media File <= 1.08 - Reflected Cross-Site Scripting

The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...