CVE-2025-4970
- EPSS 0.01%
- Veröffentlicht 12.12.2025 07:20:34
- Zuletzt bearbeitet 12.12.2025 15:17:31
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2024-38767
- EPSS 0.16%
- Veröffentlicht 20.07.2024 08:15:15
- Zuletzt bearbeitet 21.11.2024 09:26:47
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky.Com BSK PDF Manager allows Stored XSS.This issue affects BSK PDF Manager: from n/a through 3.6.
CVE-2023-5110
- EPSS 0.13%
- Veröffentlicht 25.10.2023 18:17:42
- Zuletzt bearbeitet 21.11.2024 08:41:04
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attri...
CVE-2021-24860
- EPSS 0.57%
- Veröffentlicht 29.11.2021 09:15:07
- Zuletzt bearbeitet 21.11.2024 05:53:54
The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue
CVE-2014-4944
- EPSS 0.83%
- Veröffentlicht 14.07.2014 14:55:07
- Zuletzt bearbeitet 12.04.2025 10:46:40
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.p...