Vulnerabilities > Meowapps
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-20 | CVE-2023-38513 | Unspecified vulnerability in Meowapps Photo Engine Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. | 5.4 |
| 2023-12-19 | CVE-2023-44991 | Unspecified vulnerability in Meowapps Media File Renamer - Auto & Manual Rename Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI).This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9. | 7.5 |
| 2023-12-19 | CVE-2023-44982 | Unspecified vulnerability in Meowapps Perfect Images Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina).This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5. | 7.5 |
| 2023-06-27 | CVE-2023-2580 | Unspecified vulnerability in Meowapps AI Engine The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 4.8 |
| 2021-10-04 | CVE-2021-36850 | Cross-Site Request Forgery (CSRF) vulnerability in Meowapps Media File Renamer - Auto & Manual Rename Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). | 4.3 |
| 2021-10-04 | CVE-2021-24465 | SQL Injection vulnerability in Meowapps Meow Gallery The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. | 8.1 |
| 2021-08-16 | CVE-2021-34652 | Cross-site Scripting vulnerability in Meowapps Media Usage The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4. | 6.1 |
| 2019-08-22 | CVE-2018-20983 | Cross-site Scripting vulnerability in Meowapps WP Retina 2X The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. | 6.1 |
| 2018-02-01 | CVE-2018-0511 | Cross-site Scripting vulnerability in Meowapps WP Retina 2X Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |