5 matches found
CVE-2021-24770
The CVE-2021-24770 item relates to the WordPress plugin Stylish Price List (versions before 6.9.1). Affected component: spl_upload_ser_img AJAX action. Root cause: lack of capability checks for authenticated users, enabling any authenticated user (e.g., subscribers) to upload arbitrary images. Im...
CVE-2021-24757
CVE-2021-24757 affects the WordPress plugin Stylish Price List (versions prior to 6.9.0). The root cause is missing capability checks in the spl_upload_ser_img AJAX action, making image uploads possible by unauthenticated users. This could lead to arbitrary image upload and potential misuse on af...
CVE-2024-10472
The CVE-2024-10472 affects the WordPress plugin Stylish Price List, prior to version 7.1.12. The issue arises because the plugin does not adequately sanitize and escape certain settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., contributors), even when unfi...
CVE-2023-51673
CVE-2023-51673 concerns Cross-Site Request Forgery in the Stylish Price List – Price Table Builder & QR Code Restaurant Menu WordPress plugin (affected: from n/a through 7.0.17). The issue is a CSRF flaw (no details on exploit path beyond CSRF) that could enable unauthorized actions by a logged-i...
CVE-2024-7758
CVE-2024-7758 — WordPress Stylish Price List plugin : The plugin before version 7.1.8 does not adequately sanitize and escape certain settings, enabling potential stored XSS for high-privilege users (contributors and above) even when the unfiltered_html capability is disallowed (e.g., in multisit...