Vulnerabilities (CVE)

Filtered by vendor Graphpaperpress Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-4420 1 Graphpaperpress 1 Sell Media 2024-11-21 N/A 4.3 MEDIUM
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2019-6112 1 Graphpaperpress 1 Sell Media 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
CVE-2011-3855 2 Graphpaperpress, Wordpress 2 F8 Lite, Wordpress 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.