Vulnerabilities and security researches forbsk-pdf-manager bsk-pdf-manager

Jul 22, 2024

CVE, Research URL: CVE-2024-4367
Home page URL: Security reports for BSK PDF Manager
Application: BSK PDF Manager
Date: May 14, 2024
Research Description: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Affected versions: Min -, max -.
Status: vulnerable

Jul 19, 2024

CVE, Research URL: CVE-2024-38767
Home page URL: Security reports for BSK PDF Manager
Application: BSK PDF Manager
Date: Jul 20, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky.Com BSK PDF Manager allows Stored XSS.This issue affects BSK PDF Manager: from n/a through 3.6.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2021-24860
Home page URL: Security reports for BSK PDF Manager
Application: BSK PDF Manager
Date: Nov 29, 2021
Research Description: The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2014-4944
Home page URL: Security reports for BSK PDF Manager
Application: BSK PDF Manager
Date: Jul 14, 2014
Research Description: Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-5110
Home page URL: Security reports for BSK PDF Manager
Application: BSK PDF Manager
Date: Oct 25, 2023
Research Description: The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable