2 matches found
CVE-2021-24491
The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as uploading and deleting files. As a result, attackers could make a logged-in administrator delete and upload arbitrary files via a CSRF attack...
CVE-2015-4673
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collectiondescription parameter to upload/managecollections.php in an addnew action or the (2) photodescription, (3) phototags, or (4) phototitle...