5 matches found
CVE-2024-3664
The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setthumbnail and deletethumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with...
CVE-2024-10535
The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeunusedthumbnails function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails ...
PT-2024-16352 · WordPress · Video Gallery For Woocommerce
Name of the Vulnerable Software and Affected Versions: Video Gallery for WooCommerce plugin for WordPress versions up to, and including, 1.31
Description: The issue is related to a missing capability check on the remove unused thumbnails function, allowing unauthenticated attackers to delete...
WordPress Quick Featured Images plugin <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Thumbnail Deletion/Setting vulnerability discovered by Lucio Sá in WordPress Plugin Quick Featured Images versions <= 13.7.0...
NextGEN Gallery < 3.29 - Thumbnail Deletion via CSRF
The plugin does not have CSRF checks when deleting thumbnails, which could allow attackers to make logged-in users with the editPost capability perform such an action via a CSRF attack...