3 matches found
CVE-2022-45816
CVE-2022-45816 affects the WordPress plugin GD bbPress Attachments (versions ≤ 4.3.1). The vulnerability is an Authenticated Stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of settings, enabling elevated-privilege users (e.g., admins) to inject XSS. Public refe...
CVE-2015-5482
The CVE refers to the WordPress plugin GD bbPress Attachments, affected versions prior to 2.3. The vulnerability is a directory traversal in the gdbbpress_attachments page (tab parameter) that allows remote administrators to include and execute local files via wp-admin/edit.php. Impact is arbitra...
CVE-2015-5481
The CVE-2015-5481 entry documents a Cross-site scripting (XSS) vulnerability in the GD bbPress Attachments WordPress plugin. Affects versions prior to 2.3, vulnerable code resides in forms/panels.php where the tab parameter of gdbbpress_attachments (on wp-admin/edit.php) is not properly filtered,...