Graphpaperpress Sell Media vulnerabilities
2 known vulnerabilities affecting graphpaperpress/sell_media.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2019-6112P3MEDIUMCVSS 6.1PoC≤ 2.4.12020-08-14
CVE-2019-6112 [MEDIUM] CWE-79 CVE-2019-6112: A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
nvd
CVE-2021-4420P4MEDIUMCVSS 4.3≤ 2.5.52023-07-12
CVE-2021-4420 [MEDIUM] CWE-352 CVE-2021-4420: The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, a
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a forged request granted they can trick a site administr
nvd