Vulnerabilities > Extendify
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-6635 | Unrestricted Upload of File with Dangerous Type vulnerability in Extendify Editorskit The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. | 7.2 |
| 2021-10-11 | CVE-2021-24546 | Code Injection vulnerability in Extendify Editorskit The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code | 8.8 |