Tainacan

Tainacan

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-14043

  • EPSS 0.27%
  • Veröffentlicht 21.12.2025 02:20:32
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the `create_item_permissions_check()` function unconditionally r...

5.3

CVE-2025-12747

  • EPSS 0.06%
  • Veröffentlicht 21.11.2025 16:28:14
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthentica...

6.1

CVE-2025-12746

  • EPSS 0.25%
  • Veröffentlicht 21.11.2025 07:31:45
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti...

8.6

CVE-2025-47512

  • EPSS 0.24%
  • Veröffentlicht 23.05.2025 12:43:34
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan tainacan allows Path Traversal.This issue affects Tainacan: from n/a through <= 0.21.14.

6.5

CVE-2024-13236

  • EPSS 0.43%
  • Veröffentlicht 23.01.2025 12:15:27
  • Zuletzt bearbeitet 31.01.2025 16:03:09

The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exi...

6.5

CVE-2024-48040

  • EPSS 0.41%
  • Veröffentlicht 11.10.2024 19:15:10
  • Zuletzt bearbeitet 01.04.2026 16:18:23

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows SQL Injection.This issue affects Tainacan: from n/a through <= 0.21.8.

6.1

CVE-2024-9221

  • EPSS 2.33%
  • Veröffentlicht 11.10.2024 13:15:18
  • Zuletzt bearbeitet 07.03.2025 14:55:48

The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attack...

6.5

CVE-2024-7135

  • EPSS 47.96%
  • Veröffentlicht 31.07.2024 11:15:11
  • Zuletzt bearbeitet 31.07.2024 12:57:02

The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This mak...

9.8

CVE-2024-30529

  • EPSS 0.67%
  • Veröffentlicht 09.06.2024 11:15:52
  • Zuletzt bearbeitet 01.04.2026 16:16:56

Missing Authorization vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.20.7.

5.4

CVE-2024-34795

  • EPSS 0.2%
  • Veröffentlicht 03.06.2024 11:15:10
  • Zuletzt bearbeitet 01.04.2026 16:17:12

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.21.3.