Back2nature: >> Word Balloon >> 4.20.1 Security Vulnerabilities
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through 4.21.1.
CVSS Score
6.5
EPSS Score
0.004
Published
2024-06-21
The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-12-04