VYPR

Wp Image Uploader

by WordPress

Source repositories

CVEs (3)

  • CVE-2024-13720HigJan 30, 2025
    risk 0.57cvss 8.8epss 0.01

    The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to…

  • CVE-2024-13707HigJan 30, 2025
    risk 0.57cvss 8.8epss 0.00

    The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the gky_image_uploader_main_function() function. This makes it possible for unauthenticated…

  • CVE-2024-13706MedJan 30, 2025
    risk 0.40cvss 6.1epss 0.00

    The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…