← Back

Marcomilesi

marcomilesi

7 CVEs • 4 products

Products (4)

Click to collapse
Toggle
Wp Attachments
wp_attachments
3 CVEs
Anac Xml Bandi Di Gara
anac_xml_bandi_di_gara
2 CVEs
Anac Xml Viewer
anac_xml_viewer
1 CVE
Browser Theme Color
browser_theme_color
1 CVE

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-22291
1Marcomilesi
1Browser Theme Color
Jun 17, 2026
Jan 31, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color.This issue affects Browser Theme Color: from n/a through 1.3.
CVE-2023-47245
1Marcomilesi
1Anac Xml Viewer
Jun 17, 2026
Nov 16, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Viewer plugin <= 1.7 versions.
CVE-2023-47242
1Marcomilesi
1Anac Xml Bandi Di Gara
Jun 17, 2026
Nov 16, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <= 7.5 versions.
CVE-2023-47656
1Marcomilesi
1Anac Xml Bandi Di Gara
Jun 17, 2026
Nov 14, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <= 7.5 versions.
CVE-2023-45651
1Marcomilesi
1Wp Attachments
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11.
CVE-2022-4330
1Marcomilesi
1Wp Attachments
Jun 17, 2026
Jan 16, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilt...Show more
The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2022-3469
1Marcomilesi
1Wp Attachments
Jun 17, 2026
Nov 14, 2022
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfil...Show more
The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).Show less