Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:15 a.m.7 views

CVE-2023-3720

The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfilteredhtml capability on their behalf...

6.5CVSS6.8AI score0.00261EPSS
Exploits2References1
NVD
NVD
added 2023/08/30 3:15 p.m.31 views

CVE-2023-3720

The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfilteredhtml capability on their behalf...

6.5CVSS6.5AI score0.00261EPSS
Exploits2References1
OSV
OSV
added 2023/08/30 3:15 p.m.3 views

CVE-2023-3720

The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfilteredhtml capability on their behalf...

6.5CVSS5.9AI score0.00261EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/08/30 2:22 p.m.8 views

CVE-2023-3720 Upload Media By URL < 1.0.8 - Stored XSS via CSRF

The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfilteredhtml capability on their behalf...

6.5AI score0.00261EPSS
Exploits2References1
CVE
CVE
added 2023/08/30 2:22 p.m.56 views

CVE-2023-3720

CVE-2023-3720 applies to the WordPress plugin Upload Media By URL, vulnerable before version 1.0.8 due to a missing CSRF check during file upload. The issue allows a logged-in attacker to cause admins to upload files (potentially HTML with JavaScript) on behalf of users with the unfiltered_html c...

6.5CVSS6.8AI score0.00261EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/08/02 12:0 a.m.9 views

WordPress Upload Media By URL Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Upload Media By URL Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3720 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5ff81e594ed5 Credits Dmitriy Cleantal...

6.5CVSS7AI score0.00261EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder