De Baat

de-baat

3 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Store Locator Plus

store_locator_plus

Wp Media Category Management

wp_media_category_management

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-0865 1De Baat 1Wp Media Category Management Mar 6, 2025 Feb 19, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wp_mcm_handle_action_settings() func...Show more The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wp_mcm_handle_action_settings() function. This makes it possible for unauthenticated attackers to alter plugin settings, such as the taxonomy used for media, the base slug for media categories, and the default media category via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2021-24290 1De Baat 1Store Locator Plus Nov 21, 2024 May 17, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
CVE-2021-24289 1De Baat 1Store Locator Plus Nov 21, 2024 May 17, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.