2 matches found
CVE-2024-13707
CVE-2024-13707 affects the WordPress plugin WP Image Uploader (versions up to 1.0.1). The vulnerability is a Cross-Site Forgery vulnerability caused by missing/incorrect nonce validation in gky_image_uploader_main_function(), enabling unauthenticated attackers to delete arbitrary files via a forg...
CVE-2024-13720
CVE-2024-13720 concerns the WordPress plugin WP Image Uploader, affected versions up to and including 1.0.1. The issue is an insufficient file path validation in gky_image_uploader_main_function(), enabling unauthenticated attackers to delete arbitrary files on the server (potential path traversa...