← Back

Najeebmedia

najeebmedia

26 CVEs • 12 products

Products (12)

Click to collapse
Toggle
Frontend File Manager Plugin
frontend_file_manager_plugin
10 CVEs
Frontend File Manager
frontend_file_manager
4 CVEs
Ppom For Woocommerce
ppom_for_woocommerce
2 CVEs
Comments Extra Fields
comments_extra_fields
2 CVEs
Simple User Registration
simple_user_registration
2 CVEs
N Media File Uploader
n-media_file_uploader
1 CVE
Personalized Woocommerce Cart Page
personalized_woocommerce_cart_page
1 CVE
Wordpress Comments Fields
wordpress_comments_fields
1 CVE
Woocommerce Checkout Field Manager
woocommerce_checkout_field_manager
1 CVE
Post Front End Form
post_front-end_form
1 CVE
Easy Quiz Maker
easy_quiz_maker
1 CVE
Website Contact Form With File Upload
website_contact_form_with_file_upload
1 CVE

CVEs (26)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-3124
1Najeebmedia
1Frontend File Manager
Nov 21, 2024
Oct 3, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow...Show more
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web serverShow less
CVE-2022-2398
1Najeebmedia
1Wordpress Comments Fields
Nov 21, 2024
Aug 8, 2022
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2021-25018
1Najeebmedia
1Ppom For Woocommerce
Nov 21, 2024
Feb 14, 2022
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermo...Show more
The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issuesShow less
CVE-2019-14948
1Najeebmedia
1Ppom For Woocommerce
Nov 21, 2024
Aug 12, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.
CVE-2019-5979
1Najeebmedia
1Personalized Woocommerce Cart Page
Nov 21, 2024
Jul 5, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2014-5324
1Najeebmedia
1N Media File Uploader
May 6, 2026
Sep 26, 2014
N/A· v4
N/A· v3
6.5 MEDIUM· v2
Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.