
6 matches found

CVE
added 2022/11/29 8:6 p.m., 55 views

CVE-2022-4027

The CVE-2022-4027 entry concerns the WordPress Simple:Press plugin (versions up to 6.8) with a stored XSS vulnerability in the forum reply flow via the postitem parameter. The root cause is insufficient input sanitization and output escaping, allowing injection of object/embed tags. Unauthenticat...

CVSS 7.2, AI score 5.2, EPSS 0.00571
CVE
added 2022/11/29 8:8 p.m., 50 views

CVE-2022-4028

CVE-2022-4028 describes a stored XSS vulnerability in the WordPress Simple:Press plugin (up to and including version 6.8) triggered by the postitem parameter during profile-signature modification. Root cause: insufficient input sanitization and output escaping enables injection of object/embe...

CVSS 6.4, AI score 5, EPSS 0.00495
CVE
added 2022/11/29 8:15 p.m., 50 views

CVE-2022-4031

The CVE-2022-4031 entry concerns the Simple:Press WordPress plugin (versions up to and including 6.8) and describes an arbitrary file modification vulnerability via the file parameter, where an attacker with high privileges (e.g., admin) can supply filesystem paths to modify files outside the int...

CVSS 4.9, AI score 5, EPSS 0.00669
CVE
added 2022/11/29 8:10 p.m., 49 views

CVE-2022-4029

CVE-2022-4029 affects the WordPress Simple:Press plugin up to version 6.8. The vulnerability is a reflected cross-site scripting issue via the value of the cookie named sforum_[md5 hash of the WordPress URL], caused by insufficient input sanitization and output escaping. This enables unauthenticated atta...

CVSS 4.7, AI score 4.6, EPSS 0.00558
CVE
added 2022/11/29 8:13 p.m., 49 views

CVE-2022-4030

The CVE-2022-4030 entry concerns the WordPress Simple:Press plugin (versions up to 6.8). It describes a path-traversal flaw in the file parameter used during user avatar deletion, which could allow an attacker with minimal privileges (e.g., a subscriber) to reference and delete arbitrary server f...

CVSS 8.1, AI score 8.2, EPSS 0.01563
CVE
added 2023/10/20 6:35 a.m., 44 views

CVE-2020-36706

CVE-2020-36706 affects the Simple:Press WordPress Forum Plugin. The issue is missing file type validation in the sf-uploader.php uploader (~/admin/resources/jscript/ajaxupload/sf-uploader.php), allowing arbitrary file uploads in versions up to 6.6.0 and potentially enabling remote code execution ...

CVSS 9.8, AI score 9.6, EPSS 0.01818