Vulnerabilities in hotwptemplates

2 results

CVE-2025-4419MEDIUMHot Random Image <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path ParameterEPSS 0.4%CVE-2025-4405MEDIUMHot Random Image <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link ParameterEPSS 0.2%