2 matches found
CVE-2019-6112
WordPress Sell Media plugin v2.4.1 contains a Cross-Site Scripting (XSS) vulnerability in /inc/class-search.php, exploitable via the keyword parameter (search_term) to inject arbitrary script/HTML. Several connected sources (nuclei template, PatchStack, WPVulnDB) confirm remote exploitation and u...
CVE-2021-4420
The CVE-2021-4420 entry concerns the WordPress Sell Media plugin. Affected component: sell_media_process() in versions up to and including 2.5.5. Root cause: missing or incorrect nonce validation leading to Cross-Site Request Forgery. Impact: unauthenticated attackers can cause a forged request t...