Tainacan

Tainacan

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-14043

  • EPSS 0.27%
  • Veröffentlicht 21.12.2025 02:20:32
  • Zuletzt bearbeitet 23.12.2025 14:51:52

The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the `create_item_permissions_check()` function unconditionally r...

5.3

CVE-2025-12747

  • EPSS 0.05%
  • Veröffentlicht 21.11.2025 16:28:14
  • Zuletzt bearbeitet 25.11.2025 22:16:42

The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthentica...

6.1

CVE-2025-12746

  • EPSS 0.16%
  • Veröffentlicht 21.11.2025 07:31:45
  • Zuletzt bearbeitet 26.01.2026 15:16:06

The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti...

8.6

CVE-2025-47512

  • EPSS 0.1%
  • Veröffentlicht 23.05.2025 12:43:34
  • Zuletzt bearbeitet 23.05.2025 15:54:42

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan allows Path Traversal. This issue affects Tainacan: from n/a through 0.21.14.

6.5

CVE-2024-13236

  • EPSS 0.43%
  • Veröffentlicht 23.01.2025 12:15:27
  • Zuletzt bearbeitet 31.01.2025 16:03:09

The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exi...

6.5

CVE-2024-48040

  • EPSS 0.39%
  • Veröffentlicht 11.10.2024 19:15:10
  • Zuletzt bearbeitet 06.03.2025 18:13:11

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tainacan.Org Tainacan allows SQL Injection.This issue affects Tainacan: from n/a through 0.21.8.

6.1

CVE-2024-9221

  • EPSS 2.33%
  • Veröffentlicht 11.10.2024 13:15:18
  • Zuletzt bearbeitet 07.03.2025 14:55:48

The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attack...

6.5

CVE-2024-7135

  • EPSS 47.96%
  • Veröffentlicht 31.07.2024 11:15:11
  • Zuletzt bearbeitet 31.07.2024 12:57:02

The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This mak...

9.8

CVE-2024-30529

  • EPSS 0.66%
  • Veröffentlicht 09.06.2024 11:15:52
  • Zuletzt bearbeitet 21.11.2024 09:12:06

Missing Authorization vulnerability in Tainacan.Org Tainacan.This issue affects Tainacan: from n/a through 0.20.7.

5.4

CVE-2024-34795

  • EPSS 0.14%
  • Veröffentlicht 03.06.2024 11:15:10
  • Zuletzt bearbeitet 07.03.2025 11:54:06

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Stored XSS.This issue affects Tainacan: from n/a through 0.21.3.