Filtered by vendor Extendify
Subscriptions
Filtered by product Editorskit
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-24546 | 1 Extendify | 1 Editorskit | 2024-08-03 | 8.8 High |
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code | ||||
CVE-2023-6635 | 1 Extendify | 1 Editorskit | 2024-08-02 | 7.2 High |
The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. |
Page 1 of 1.