Roel Van Beurden

#9599of 53,633
28.8Total CVSS
Vulnerabilities · 4
Medium
2
High
1
Critical
1
PT-2022-13661
8.8
2022-05-16
WordPress · Advanced Uploader · CVE-2022-1103
**Name of the Vulnerable Software and Affected Versions** Advanced Uploader WordPress plugin versions prior to 4.3 **Description** The issue allows any authenticated users, including those with minimal privileges like subscribers, to upload arbitrary files. This includes files that can be executed by the server, such as PHP files, potentially leading to remote code execution (RCE). **Recommendations** For Advanced Uploader WordPress plugin versions prior to 4.3, update to version 4.3 or later to resolve the issue.
PT-2022-13662
4.8
2022-05-09
WordPress · Popup Maker · CVE-2022-1104
**Name of the Vulnerable Software and Affected Versions** Popup Maker WordPress plugin versions prior to 1.16.5 **Description** The issue concerns the Popup Maker WordPress plugin, which does not properly sanitize and escape some of its popup settings. This could allow high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 1.16.5, update to version 1.16.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation. Avoid using the vulnerable popup settings until the issue is resolved.
PT-2020-15845
5.4
2020-10-01
Getsimple · Getsimple Cms · CVE-2020-24861
**Name of the Vulnerable Software and Affected Versions** GetSimple CMS version 3.3.16 **Description** The issue concerns a persistent Cross Site Scripting (XSS) flaw. It occurs through the `permalink` parameter on the Settings page. The XSS is executed when creating and opening a new page. **Recommendations** For GetSimple CMS version 3.3.16, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Settings page to minimize the risk of exploitation. Avoid using the `permalink` parameter in the affected Settings page until the issue is resolved.
PT-2020-16264
9.8
2020-10-01
Websitebaker · Websitebaker · CVE-2020-25990
**Name of the Vulnerable Software and Affected Versions** WebsiteBaker version 2.12.2 **Description** The issue allows SQL Injection via the `display name` parameter in the "/websitebaker/admin/preferences/save.php" API endpoint. This could enable an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. **Recommendations** For version 2.12.2, avoid using the `display name` parameter in the "/websitebaker/admin/preferences/save.php" API endpoint until the issue is resolved. Consider restricting access to this endpoint to minimize the risk of exploitation.