3 matches found
CVE-2022-4633
CVE-2022-4633 affects Auto Upload Images up to version 3.3.0. The vulnerability resides in the file src/setting-page.php of the Settings Handler, enabling cross-site request forgery (CSRF). The attack may be launched remotely. A fix is available in version 3.3.1; apply the upgrade (patch identifi...
CVE-2022-4632
CVE-2022-4632 affects Auto Upload Images up to version 3.3.0. It describes a cross-site scripting flaw in an unknown functionality that can be triggered remotely (attack vector: NETWORK) with user interaction required and no privileges. Upgrading to version 3.3.1 fixes the issue (patch identifier...
CVE-2022-42880
The CVE-2022-42880 entry concerns the WordPress plugin Ali Irani Auto Upload Images (versions ≤ 3.3). The vulnerability is a CSRF weakness that can lead to Stored XSS, reported across multiple sources. The underlying issue is a cross-site request forgery that enables an attacker to inject script ...