41 matches found

RedhatCVE
added 2026/01/24 3:17 p.m. | 4 views

CVE-2026-24569

Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Library File Size: from n/a through <= 1.6.7...

CVSS 4.3 | AI score 5.4 | EPSS 0.00048
Exploits: 0 | References: 1

NVD
added 2026/01/23 3:16 p.m. | 2 views

CVE-2026-24569

Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Library File Size: from n/a through <= 1.6.7...

CVSS 4.3 | EPSS 0.00048
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/23 2:28 p.m. | 2 views

CVE-2026-24569

Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Library File Size: from n/a through <= 1.6.7...

CVSS 4.3 | AI score 5.9 | EPSS 0.00048
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/23 12:0 a.m. | 2 views

PT-2026-4411

Name of the Vulnerable Software and Affected Versions: Sully Media Library File Size versions through 1.6.7. Description: An authorization issue exists in Sully Media Library File Size. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access...

AI score 5.3 | EPSS 0.00048
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/23 8:42 a.m. | 4 views

CVE-2024-5033

The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVSS 5.9 | AI score 5.8 | EPSS 0.00104
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:41 a.m. | 6 views

CVE-2024-5034

The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVSS 8.8 | AI score 6.8 | EPSS 0.0018
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:41 a.m. | 3 views

CVE-2024-5151

The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 7.1 | AI score 5.7 | EPSS 0.00176
Exploits: 1 | References: 1

Patchstack
added 2024/07/15 2:47 a.m. | 2 views

WordPress SULly plugin < 4.3.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Guido Iván García Duva in WordPress Plugin SULly versions < 4.3.1...

CVSS 7.1 | AI score 6.1 | EPSS 0.00176
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/15 2:43 a.m. | 2 views

WordPress SULly plugin < 4.3.1 - Plugin Reset via CSRF vulnerability

Plugin Reset via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin SULly versions < 4.3.1...

CVSS 8.8 | AI score 7 | EPSS 0.0018
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/15 2:42 a.m. | 0 views

WordPress SULly plugin < 4.3.1 - Admin+ Stored XSS via CSRF vulnerability

Admin+ Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin SULly versions < 4.3.1...

CVSS 5.9 | AI score 6 | EPSS 0.00104
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/15 2:41 a.m. | 2 views

WordPress SULly plugin < 4.3.1 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin SULly versions < 4.3.1...

CVSS 4.7 | AI score 6.4 | EPSS 0.0019
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. | 9 views

WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: SULly; Type: Plugin; Vulnerable versions: < 4.3.1; Fixed in: 4.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5034; Patch priority: Low; CVSS severity: Low (4.3); PSID: 671675d484b6; Credits: Bob Matyas; Required privilege...

CVSS 8.8 | AI score 6.7 | EPSS 0.0018
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. | 8 views

WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: SULly; Type: Plugin; Vulnerable versions: < 4.3.1; Fixed in: 4.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5151; Patch priority: Low; CVSS severity: Low (5.9); PSID: 81625139b730; Credits: Guido Iván García Duva; Required...

CVSS 7.1 | AI score 5.8 | EPSS 0.00176
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. | 8 views

WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: SULly; Type: Plugin; Vulnerable versions: < 4.3.1; Fixed in: 4.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5032; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: ef2aee1bdf07; Credits: Bob Matyas; Required privilege...

CVSS 4.7 | AI score 5.7 | EPSS 0.0019
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2024/07/15 12:0 a.m. | 11 views

WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: SULly; Type: Plugin; Vulnerable versions: < 4.3.1; Fixed in: 4.3.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5033; Patch priority: Low; CVSS severity: Low (7.1); PSID: 1486b242ed58; Credits: Bob Matyas; Required privilege...

CVSS 5.9 | AI score 6.7 | EPSS 0.00104
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2024/07/13 6:15 a.m. | 14 views

CVE-2024-5151

The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 7.1 | EPSS 0.00176
Exploits: 1 | References: 1

OSV
added 2024/07/13 6:15 a.m. | 0 views

CVE-2024-5151

The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 7.1 | AI score 5.8 | EPSS 0.00176
Exploits: 1 | References: 1

NVD
added 2024/07/13 6:15 a.m. | 15 views

CVE-2024-5034

The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVSS 8.8 | EPSS 0.0018
Exploits: 1 | References: 1

OSV
added 2024/07/13 6:15 a.m. | 1 views

CVE-2024-5033

The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVSS 5.9 | AI score 5.8 | EPSS 0.00104
Exploits: 1 | References: 1

NVD
added 2024/07/13 6:15 a.m. | 8 views

CVE-2024-5032

The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 4.7 | EPSS 0.0019
Exploits: 1 | References: 1