Endortrails Sell Media vulnerabilities
2 known vulnerabilities affecting endortrails/sell_media.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
MEDIUM: 2
Vulnerabilities
CVE-2024-11777 | P4 | MEDIUM | CVSS 6.4 | ≤ 2.5.8.5 | 2025-01-07
CVE-2024-11777 [MEDIUM] CWE-79
The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level
nvd
CVE-2021-4420 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.5.5 | 2023-07-12
CVE-2021-4420 [MEDIUM] CWE-352
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a forged request granted they can trick a site administr
nvd