Vulnerabilities > 10Up
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-26 | CVE-2024-43116 | Cross-Site Request Forgery (CSRF) vulnerability in 10Up Simple Local Avatars Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10. | 8.8 |
| 2024-06-08 | CVE-2024-35684 | Cross-Site Request Forgery (CSRF) vulnerability in 10Up Elasticpress Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress.This issue affects ElasticPress: from n/a through 5.1.1. | 4.3 |
| 2023-07-01 | CVE-2021-4405 | Unspecified vulnerability in 10Up Elasticpress The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. | 4.3 |
| 2022-09-26 | CVE-2022-1613 | Authorization Bypass Through User-Controlled Key vulnerability in 10Up Restricted Site Access The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations. | 5.3 |
| 2022-04-18 | CVE-2022-1091 | Cross-site Scripting vulnerability in 10Up Safe SVG The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. | 6.1 |
| 2019-11-11 | CVE-2019-18855 | Unspecified vulnerability in 10Up Safe SVG A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. | 7.5 |
| 2019-11-11 | CVE-2019-18854 | Uncontrolled Recursion vulnerability in 10Up Safe SVG A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... | 7.5 |