Lucene search
+L
StylishpricelistStylish Price List

5 matches found

CVE
CVE
added 2021/11/01 8:46 a.m.54 views

CVE-2021-24770

The CVE-2021-24770 item relates to the WordPress plugin Stylish Price List (versions before 6.9.1). Affected component: spl_upload_ser_img AJAX action. Root cause: lack of capability checks for authenticated users, enabling any authenticated user (e.g., subscribers) to upload arbitrary images. Im...

6.5CVSS6.4AI score0.00825EPSS
Web
CVE
CVE
added 2021/11/01 8:46 a.m.52 views

CVE-2021-24757

CVE-2021-24757 affects the WordPress plugin Stylish Price List (versions prior to 6.9.0). The root cause is missing capability checks in the spl_upload_ser_img AJAX action, making image uploads possible by unauthenticated users. This could lead to arbitrary image upload and potential misuse on af...

5.3CVSS5.2AI score0.0102EPSS
Web
CVE
CVE
added 2025/03/25 6:0 a.m.50 views

CVE-2024-10472

The CVE-2024-10472 affects the WordPress plugin Stylish Price List, prior to version 7.1.12. The issue arises because the plugin does not adequately sanitize and escape certain settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., contributors), even when unfi...

5.9CVSS5.8AI score0.00298EPSS
CVE
CVE
added 2024/01/05 9:54 a.m.44 views

CVE-2023-51673

CVE-2023-51673 concerns Cross-Site Request Forgery in the Stylish Price List – Price Table Builder & QR Code Restaurant Menu WordPress plugin (affected: from n/a through 7.0.17). The issue is a CSRF flaw (no details on exploit path beyond CSRF) that could enable unauthorized actions by a logged-i...

9.8CVSS8.6AI score0.00249EPSS
CVE
CVE
added 2025/05/15 8:7 p.m.31 views

CVE-2024-7758

CVE-2024-7758 — WordPress Stylish Price List plugin : The plugin before version 7.1.8 does not adequately sanitize and escape certain settings, enabling potential stored XSS for high-privilege users (contributors and above) even when the unfiltered_html capability is disallowed (e.g., in multisit...

4.8CVSS5.7AI score0.00266EPSS