N0Paew

#15155of 53,630
17.7Total CVSS
Vulnerabilities · 3
Medium
3
PT-2023-19546
5.9
2023-10-17
WordPress · Media Library Assistant · CVE-2023-24385
**Name of the Vulnerable Software and Affected Versions** David Lingren Media Library Assistant plugin versions <= 3.11 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts into the application, which can then be executed by other users. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions <= 3.11, update to a version higher than 3.11 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.
PT-2023-18650
5.9
2023-03-27
WordPress · Wpsoul Greenshift · CVE-2023-22707
**Name of the Vulnerable Software and Affected Versions** Wpsoul Greenshift – animation and page builder blocks plugin versions <= 4.9.9 **Description** The issue is related to an Authenticated Cross-Site Scripting (XSS) vulnerability. This means that an attacker who has authentication credentials for the system can potentially inject malicious scripts into the website, which could then be executed by other users, leading to unauthorized actions or data theft. **Recommendations** For Wpsoul Greenshift – animation and page builder blocks plugin versions <= 4.9.9, update to a version higher than 4.9.9 to resolve the issue. At the moment, there is no information about additional mitigation measures.
PT-2023-19146
5.9
2023-03-23
Awsm Innovations · Awsm Innovations Embed Any Document – Embed Pdf · CVE-2023-23707
**Name of the Vulnerable Software and Affected Versions** Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin versions <= 2.7.1 **Description** The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. It allows for Stored XSS via the upload of SVG and HTML files, due to an Unrestricted Upload of File with Dangerous Type vulnerability. **Recommendations** For Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin versions <= 2.7.1, update to a version higher than 2.7.1 to resolve the issue. As a temporary workaround, consider restricting the upload of SVG and HTML files to minimize the risk of exploitation.