CVE-2024-11605

The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

PT-2024-17132 · WordPress · Wp-Publications

Name of the Vulnerable Software and Affected Versions: wp-publications WordPress plugin versions 1.2 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed, for example i...

Remote code execution

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the QFILE parameter found in the /bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0...

CVE-2021-38360 wp-publications <= 0.0 Local File Include

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the QFILE parameter found in the /bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0...