Tainacan

Tainacan

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2026-42740

  • EPSS 0.24%
  • Veröffentlicht 27.05.2026 09:49:05
  • Zuletzt bearbeitet 27.05.2026 14:50:47

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through <= 1.0.3.

5.3

CVE-2025-14043

  • EPSS 0.3%
  • Veröffentlicht 21.12.2025 02:20:32
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the `create_item_permissions_check()` function unconditionally r...

5.3

CVE-2025-12747

  • EPSS 0.26%
  • Veröffentlicht 21.11.2025 16:28:14
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthentica...

6.1

CVE-2025-12746

  • EPSS 0.22%
  • Veröffentlicht 21.11.2025 07:31:45
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti...

8.6

CVE-2025-47512

  • EPSS 0.44%
  • Veröffentlicht 23.05.2025 12:43:34
  • Zuletzt bearbeitet 23.04.2026 15:30:22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan tainacan allows Path Traversal.This issue affects Tainacan: from n/a through <= 0.21.14.

6.5

CVE-2024-13236

  • EPSS 0.44%
  • Veröffentlicht 23.01.2025 12:15:27
  • Zuletzt bearbeitet 31.01.2025 16:03:09

The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exi...

6.5

CVE-2024-48040

  • EPSS 0.53%
  • Veröffentlicht 11.10.2024 19:15:10
  • Zuletzt bearbeitet 23.04.2026 15:19:28

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows SQL Injection.This issue affects Tainacan: from n/a through <= 0.21.8.

6.1

CVE-2024-9221

  • EPSS 0.4%
  • Veröffentlicht 11.10.2024 13:15:18
  • Zuletzt bearbeitet 07.03.2025 14:55:48

The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attack...

6.5

CVE-2024-7135

  • EPSS 2.69%
  • Veröffentlicht 31.07.2024 11:15:11
  • Zuletzt bearbeitet 31.07.2024 12:57:02

The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This mak...

9.8

CVE-2024-30529

  • EPSS 0.44%
  • Veröffentlicht 09.06.2024 11:15:52
  • Zuletzt bearbeitet 23.04.2026 15:18:12

Missing Authorization vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.20.7.