[MEDIUM] CVE-2022-29858: Unpublished, protected files can be published via shortcode

PKSA-gkm3-w29w-mn8y CVE-2022-29858 GHSA-v68g-62v9-39w5

Affected version: >=1.0.0,<1.10.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] CVE-2022-38147 - XSS via uploaded gpx file

PKSA-h12n-xqnh-nnc1 CVE-2022-38147 GHSA-vv3r-fxqp-vr3f

Affected version: >=1.0.0,<1.11.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] CVE-2022-38724 - XSS in shortcodes

PKSA-vdrm-g673-qq8n CVE-2022-38724 GHSA-9cx2-hj6m-fv58

Affected version: >=1.0.0,<1.11.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] CVE-2020-9280: Folders migrated from 3.x may be unsafe to upload to

PKSA-mzkw-2yhz-1nzc CVE-2020-9280 GHSA-592m-4533-rxq9

Affected version: >=1.0.0,<1.4.7|>=1.5.0,<1.5.2

Reported by:
GitHub, FriendsOfPHP/security-advisories