VYPR

URL Media Uploader

by WordPress

CVEs (3)

  • CVE-2025-1662 | Med | Feb 28, 2025
    risk 0.42 | cvss 6.4 | epss 0.00

    The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. This makes it possible for authenticated attackers, with author-level access and above, to make…

  • CVE-2025-14045 | Med | Dec 12, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated…

  • CVE-2023-3720 | Aug 30, 2023
    risk 0.00 | cvss | epss 0.00

    The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files (including HTML containing JS code for users with the unfiltered_html capability) on their behalf.