The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Max CVSS
4.3
EPSS Score
0.08%
Published
2023-07-12
Updated
2023-07-19
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
Max CVSS
6.1
EPSS Score
0.13%
Published
2020-08-14
Updated
2020-08-19
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2011-09-28
Updated
2012-05-21
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!