47 matches found

RedhatCVE
added 2025/12/13 3:59 a.m. | 4 views

CVE-2025-14045

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

4.3 CVSS | 5.3 AI score | 0.00196 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/12/12 6:31 a.m. | 3 views

EUVD-2025-202999

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

4.3 CVSS | 4.8 AI score | 0.00196 EPSS
Exploits: 0 | References: 5

NVD
added 2025/12/12 4:15 a.m. | 10 views

CVE-2025-14045

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

4.3 CVSS | 0.00196 EPSS
Exploits: 0 | References: 4

Cvelist
added 2025/12/12 3:20 a.m. | 30 views

CVE-2025-14045 URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

4.3 CVSS | 0.00196 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/12 3:20 a.m. | 2 views

CVE-2025-14045 URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

4.3 CVSS | 4.9 AI score | 0.00196 EPSS
Exploits: 0 | References: 4

CVE
added 2025/12/12 3:20 a.m. | 14 views

CVE-2025-14045

CVE-2025-14045 affects the URL Media Uploader plugin for WordPress. A missing capability check in url_media_uploader_url_upload_ajax_handler() allows authenticated users with Contributor+ access to upload safe media files across all versions up to 1.0.1. Remediation suspected: upgrade to 1.0.1 or...

4.3 CVSS | 4.9 AI score | 0.00196 EPSS
Exploits: 0 | References: 4

CNNVD
added 2025/12/12 12:0 a.m. | 4 views

WordPress plugin URL Media Uploader security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

4.3 CVSS | 6.3 AI score | 0.00196 EPSS
Exploits: 0 | References: 4

Patchstack
added 2025/12/11 10:11 p.m. | 6 views

WordPress URL Media Uploader plugin <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload vulnerability

Missing Authorization to Authenticated Contributor+ Safe File Upload vulnerability discovered by jsonc in WordPress Plugin URL Media Uploader versions <= 1.0.1...

4.3 CVSS | 6.7 AI score | 0.00196 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/11/14 9:9 a.m. | 13 views

CVE-2025-10295

The Angel – Fashion Model Agency WordPress CMS Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the profile media uploader in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS | 5.1 AI score | 0.00157 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/11/13 8:27 a.m. | 13 views

CVE-2025-10295 Angel – Fashion Model Agency WordPress CMS Theme <= 3.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Angel – Fashion Model Agency WordPress CMS Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the profile media uploader in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS | 0.00157 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/11/13 8:27 a.m. | 8 views

EUVD-2025-158259

The Angel – Fashion Model Agency WordPress CMS Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the profile media uploader in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS | 4.7 AI score | 0.00157 EPSS
Exploits: 0 | References: 3

CVE
added 2025/11/13 8:27 a.m. | 16 views

CVE-2025-10295

CVE-2025-10295 affects the Angel – Fashion Model Agency WordPress Theme (versions up to and including 3.2.3). The vulnerability is a Stored Cross-Site Scripting flaw in the profile media uploader caused by insufficient input sanitization and output escaping. It requires authenticated access at su...

6.4 CVSS | 4.8 AI score | 0.00157 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/13 12:0 a.m. | 6 views

PT-2025-46790

Name of the Vulnerable Software and Affected Versions: Angel – Fashion Model Agency WordPress CMS Theme versions through 3.2.3. Description: The software is susceptible to Stored Cross-Site Scripting in the profile media uploader. Insufficient input sanitization and output escaping allow authenticat...

6.4 CVSS | 5.7 AI score | 0.00157 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2011-0716

Malware in sbrugna...

4 CVSS | 6 AI score | 0.03168 EPSS
Exploits: 0 | References: 16

EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2022-34940

Malicious code in bioql PyPI...

6.4 CVSS | 5.6 AI score | 0.00451 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-59272

Malicious code in bioql PyPI...

5.4 CVSS | 9 AI score | 0.00243 EPSS
Exploits: 2 | References: 3

RedhatCVE
added 2025/05/22 10:33 p.m. | 10 views

CVE-2022-2695

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' parameter added to images via the media uploader in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4 CVSS | 5.9 AI score | 0.00451 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/17 9:4 p.m. | 16 views

CVE-2023-7088

The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4 CVSS | 6 AI score | 0.00243 EPSS
Exploits: 2 | References: 3

Vulnrichment
added 2025/05/15 8:9 p.m. | 11 views

CVE-2023-7088 Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Author+ Stored XSS via SVG

The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

6.2 AI score | 0.00243 EPSS
Exploits: 2 | References: 1

Cvelist
added 2025/05/15 8:9 p.m. | 26 views

CVE-2023-7088 Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Author+ Stored XSS via SVG

The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

0.00243 EPSS
Exploits: 2 | References: 1