Vulnerabilities > Wbolt
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-04 | CVE-2024-6318 | Unrestricted Upload of File with Dangerous Type vulnerability in Wbolt Imgspider The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_img_file' function in all versions up to, and including, 2.3.10. | 8.8 |
| 2024-07-04 | CVE-2024-6319 | Unrestricted Upload of File with Dangerous Type vulnerability in Wbolt Imgspider The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. | 8.8 |
| 2023-11-13 | CVE-2023-26531 | Cross-Site Request Forgery (CSRF) vulnerability in Wbolt All-In-One Search Automatic Push Management Cross-Site Request Forgery (CSRF) vulnerability in ??? ?????????????-??Baidu/Google/Bing/IndexNow/Yandex/?? allows Cross Site Request Forgery.This issue affects ?????????????-??Baidu/Google/Bing/IndexNow/Yandex/??: from n/a through 4.2.7. | 8.8 |
| 2022-01-24 | CVE-2021-24976 | Cross-site Scripting vulnerability in Wbolt Smart SEO Tool The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting | 6.1 |
| 2021-09-20 | CVE-2021-24618 | Cross-site Scripting vulnerability in Wbolt Donate With Qrcode The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). | 5.4 |