5 matches found
CVE-2024-2840
The Enhanced Media Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload functionality in all versions up to, and including, 2.8.9 due to the plugin allowing 'dfxp' files to be uploaded. This makes it possible for authenticated attackers, with author-level...
CVE-2024-2840
The Enhanced Media Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload functionality in all versions up to, and including, 2.8.9 due to the plugin allowing 'dfxp' files to be uploaded. This makes it possible for authenticated attackers, with author-level...
CVE-2024-2840 Enhanced Media Library <= 2.8.9 - Authenticated (Author+) Stored Cross-Site Scripting
The Enhanced Media Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload functionality in all versions up to, and including, 2.8.9 due to the plugin allowing 'dfxp' files to be uploaded. This makes it possible for authenticated attackers, with author-level...
CVE-2024-2840
CVE-2024-2840 affects the Enhanced Media Library WordPress plugin, vulnerable to stored XSS via media upload in all versions up to 2.8.9. An authenticated attacker (author+ or higher) can upload dfxp files to inject scripts executed on page loads. Patch: upgrade to version 2.8.10 or later (per ch...
WordPress Enhanced Media Library Plugin <= 2.8.9 is vulnerable to Cross Site Scripting (XSS)
Software Enhanced Media Library Type Plugin Vulnerable versions = 2.8.9 Fixed in 2.8.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2840 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7be32de28faf Credits Tim Coen Require...