Graphpaperpress : Security Vulnerabilities, CVEs,
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Max CVSS
4.3
EPSS Score
0.08%
Published
2023-07-12
Updated
2023-07-19
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
Max CVSS
6.1
EPSS Score
0.13%
Published
2020-08-14
Updated
2020-08-19
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-21
3 vulnerabilities found