Meowapps: Security Vulnerabilities
The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that could lead to data disclosure and arbitrary objects to be deserialized.
CVSS Score
8.1
EPSS Score
0.006
Published
2021-10-04
The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-16
The wp-retina-2x plugin before 5.2.3 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-22
Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.001
Published
2018-02-01
Page 3