10Up Security Vulnerabilities

CVE-2019-18854

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.004

2019-11-11 03:15 PM

CVE-2019-18855

A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.004

2019-11-11 03:15 PM

CVE-2021-4405

The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed param...

CVSS: 4.3 | AI Score: 4.2 | EPSS: 0.0005

2023-07-01 06:15 AM

CVE-2022-1091

The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending ...

CVSS: 6.1 | AI Score: 6 | EPSS: 0.001

2022-04-18 06:15 PM

CVE-2022-1613

The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.

CVSS: 5.3 | AI Score: 5.1 | EPSS: 0.001

2022-09-26 01:15 PM

CVE-2023-32798

Missing Authorization vulnerability in 10up Simple Page Ordering allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Page Ordering: from n/a through 2.5.0.

CVSS: 5.3 | AI Score: 5.4 | EPSS: 0.0004

2024-12-13 03:15 PM

CVE-2023-48753

Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Restricted Site Access: from n/a through 7.4.1.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.0004

2024-06-04 11:15 AM

CVE-2024-10786

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and a...

CVSS: 4.3 | AI Score: 4.2 | EPSS: 0.001

2024-11-16 03:15 AM

CVE-2024-35684

Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress. This issue affects ElasticPress: from n/a through 5.1.1.

CVSS: 4.3 | AI Score: 5 | EPSS: 0.0005

2024-06-08 03:15 PM

CVE-2024-43116

Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars. This issue affects Simple Local Avatars: from n/a through 2.7.10.

CVSS: 8.8 | AI Score: 7 | EPSS: 0.001

2024-08-26 09:15 PM

CVE-2024-8378

The sanitisation code of the Safe SVG WordPress plugin before 2.2.6 only runs for paths that call wp_handle_upload, but not, for example, for code that uses wp_handle_sideload, which is often used to upload attachments via raw POST data.

CVSS: 4.8 | AI Score: 5.3 | EPSS: 0.0004

2024-11-07 04:15 PM