WordPress Plugin Vulnerabilities

Auto Upload Images < 3.3.1 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks

Affects Plugins

Plugin icon
auto-upload-images
Fixed in 3.3.1

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Rasi Afeef
Verified
No
WPVDB ID
10c4f02d-4460-4f46-a833-c926a15fb358

Timeline

Publicly Published
2022-10-24 (about 3 years ago)
Added
2023-06-14 (about 2 years ago)
Last Updated
2023-06-14 (about 2 years ago)

Other

Published
Title
Published
2024-09-30
Title
Depicter Slider < 3.5.0 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2023-04-19
Title
Help Desk WP <= 1.2.0 - Editor+ Stored XSS
Published
2021-09-09
Title
WooCommerce Payment Gateway Per Category <= 2.0.10 - Reflected Cross-Site Scripting
Published
2026-04-17
Title
Youzify < 1.3.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter
Published
2024-04-05
Title
Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute