CVE-2024-13805

The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. This makes it...

PT-2024-18158 · WordPress · Ninja Forms - File Uploads

Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads plugin for WordPress versions up to, and including, 3.3.16 Description: The issue is a Stored Cross-Site Scripting vulnerability via an uploaded file, such as an RTX file, due to insufficient input sanitization and...