magic-post-thumbnail CVE Vulnerabilities & CVE List (3)

Products (CPE): — CVEs: 3

magic-post-thumbnail vulnerability overview

Aggregates CVE and security vulnerability intelligence across all magic-post-thumbnail-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface software deployment scenarios.

Vulnerability distribution trend (last 24 months)

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2024-43921	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS.This issue affects Magic Post Thumbnail: from n/a through 5.2.9.	[email protected]	7.1	0.55%	2024-08-29	2024-09-04
CVE-2024-6724	The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)	[email protected]	4.8	0.18%	2024-08-13	2025-05-27
CVE-2023-29171	Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions.	[email protected]	7.1	0.20%	2023-04-07	2024-11-21

cvelogic Threat Intelligence