Vulnerabilities (CVE)

Filtered by vendor Extendify Subscribe
Filtered by product Editorskit
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6635 1 Extendify 1 Editorskit 2024-02-12 N/A 7.2 HIGH
The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2021-24546 1 Extendify 1 Editorskit 2024-02-04 6.5 MEDIUM 8.8 HIGH
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code