Wbolt

wbolt

5 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Donate With Qrcode

donate_with_qrcode

All In One Search Automatic Push Management

all-in-one_search_automatic_push_management

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-6319 1Wbolt 1Imgspider Apr 8, 2026 Jul 4, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticat...Show more The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2024-6318 1Wbolt 1Imgspider Apr 8, 2026 Jul 4, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_img_file' function in all versions up to, and including, 2.3.10. This makes it possible for au...Show more The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_img_file' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2023-26531 1Wbolt 1All In One Search Automatic Push Management Nov 21, 2024 Nov 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in 闪电博多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery.This issue affects 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条: from...Show more Cross-Site Request Forgery (CSRF) vulnerability in 闪电博多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery.This issue affects 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条: from n/a through 4.2.7.Show less
CVE-2021-24976 1Wbolt 1Smart Seo Tool Nov 21, 2024 Jan 24, 2022 N/A· v4 6.1 MEDIUM· v3 2.6 LOW· v2 The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site...Show more The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site ScriptingShow less
CVE-2021-24618 1Wbolt 1Donate With Qrcode Nov 21, 2024 Sep 20, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and ca...Show more The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user (as low as subscriber), or unauthenticated user via a CSRF vector to update them and perform such attack.Show less