CVSS: 5.4EPSS: %CPEs: 1EXPL: 0CVE-2024-39639 – WordPress File Upload <= 4.24.7 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-39639
The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wfu_ajax_action_save_shortcode() function in versions up to, and including, 4.24.7. This makes it possible for authenticated attackers, with contributor-level access and above, to save shortcodes • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125110 – wp-file-upload Plugin wfu_ajaxactions.php wfu_ajax_action_callback cross site scripting
https://notcve.org/view.php?id=CVE-2014-125110
A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.4.4 is able to address this issue. • https://github.com/wp-plugins/wp-file-upload/commit/c846327df030a0a97da036a2f07c769ab9284ddb https://github.com/wp-plugins/wp-file-upload/releases/tag/2.4.4 https://vuldb.com/?ctiid.258781 https://vuldb.com/?id.258781 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •