ByteOS Network

eagerterrier

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-1313

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-8.3||HIGH

EPSS-0.05% / 15.67%

7 Day CHG~0.00%

Published-21 Mar, 2026 | 03:26

Updated-22 Apr, 2026 | 21:32

MimeTypes Link Icons <= 3.2.20 - Authenticated (Contributor+) Server-Side Request Forgery via Crafted Links in Post Content

The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when the "Show file size" option is enabled. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services via crafted links in post content.

Vendor-eagerterrier

Product-MimeTypes Link Icons

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2024-54410

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.11% / 28.16%

7 Day CHG~0.00%

Published-16 Dec, 2024 | 14:13

Updated-28 Apr, 2026 | 16:10

WordPress SOPA Blackout plugin <= 1.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in eagerterrier SOPA Blackout sopa-blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through <= 1.4.

Vendor-eagerterrier

Product-SOPA Blackout

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)