← Back

Wp Insert

wp-insert

Vendor: Smartlogix • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-25461
1Smartlogix
1Wp Insert
Nov 21, 2024
Apr 25, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions.
CVE-2018-17573
1Smartlogix
1Wp Insert
Nov 21, 2024
Sep 28, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/edito...Show more
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html.Show less