CVE-2025-6247
- EPSS 0.04%
- Veröffentlicht 26.08.2025 09:06:08
- Zuletzt bearbeitet 26.08.2025 13:41:58
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for un...
CVE-2025-5395
- EPSS 0.22%
- Veröffentlicht 11.06.2025 06:39:46
- Zuletzt bearbeitet 12.06.2025 16:06:20
The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attack...
CVE-2024-4849
- EPSS 0.2%
- Veröffentlicht 18.05.2024 06:15:08
- Zuletzt bearbeitet 21.11.2024 09:43:43
The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possi...
CVE-2024-32693
- EPSS 0.14%
- Veröffentlicht 22.04.2024 08:15:38
- Zuletzt bearbeitet 21.11.2024 09:15:29
Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic.This issue affects Automatic: from n/a before 3.93.0.
CVE-2021-4374
- EPSS 71.57%
- Veröffentlicht 07.06.2023 02:15:15
- Zuletzt bearbeitet 21.11.2024 06:37:32
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unau...