6 matches found
CVE-2023-3720
The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfilteredhtml capability on their behalf...
CVE-2023-3720
The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfilteredhtml capability on their behalf...
CVE-2023-3720
The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfilteredhtml capability on their behalf...
CVE-2023-3720 Upload Media By URL < 1.0.8 - Stored XSS via CSRF
The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfilteredhtml capability on their behalf...
CVE-2023-3720
CVE-2023-3720 applies to the WordPress plugin Upload Media By URL, vulnerable before version 1.0.8 due to a missing CSRF check during file upload. The issue allows a logged-in attacker to cause admins to upload files (potentially HTML with JavaScript) on behalf of users with the unfiltered_html c...
WordPress Upload Media By URL Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Upload Media By URL Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3720 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5ff81e594ed5 Credits Dmitriy Cleantal...