VYPR

Sell Media

by WordPress

Source repositories

CVEs (3)

  • CVE-2024-11777MedJan 7, 2025
    risk 0.42cvss 6.4epss 0.00

    The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2021-4420MedJul 12, 2023
    risk 0.28cvss 4.3epss 0.00

    The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media…

  • CVE-2019-6112MedAug 14, 2020
    risk 0.01cvss 6.1epss 0.09

    A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).