Vulnerabilities > 10Up

DATE CVE VULNERABILITY TITLE RISK
2024-08-26 CVE-2024-43116 Cross-Site Request Forgery (CSRF) vulnerability in 10Up Simple Local Avatars
Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10.
network
low complexity
10up CWE-352
8.8
2024-06-08 CVE-2024-35684 Unspecified vulnerability in 10Up Elasticpress
Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress.This issue affects ElasticPress: from n/a through 5.1.1.
network
low complexity
10up
4.3
2022-09-26 CVE-2022-1613 Authorization Bypass Through User-Controlled Key vulnerability in 10Up Restricted Site Access
The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.
network
low complexity
10up CWE-639
5.3
2022-04-18 CVE-2022-1091 Unspecified vulnerability in 10Up Safe SVG
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file.
network
low complexity
10up
6.1
2019-11-11 CVE-2019-18855 Unspecified vulnerability in 10Up Safe SVG
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
network
low complexity
10up
7.5
2019-11-11 CVE-2019-18854 Uncontrolled Recursion vulnerability in 10Up Safe SVG
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ...
network
low complexity
10up CWE-674
7.5