9 matches found
CVE-2024-12267
CVE-2024-12267 affects the WordPress plugin “Drag and Drop Multiple File Upload for Contact Form 7” (versions up to and including 1.3.8.5). The vulnerability is caused by insufficient file path validation in the dnd_codedropz_upload_delete() function, allowing unauthenticated attackers to perform...
PT-2025-1796 · WordPress · Drag/Drop Multiple File Upload – Contact Form 7
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress versions up to, and including, 1.3.8.5. Description: The issue is related to insufficient file path validation in the dnd_codedropz_upload_delete function, allowing...
WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.8.5 - Limited Arbitrary File Deletion vulnerability
Limited Arbitrary File Deletion vulnerability discovered by theviper17y in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions <= 1.3.8.5...
SUSE CVE-2018-10871
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...
WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Nguyen Van Khanh (Patchstack Alliance) in WordPress Asset CleanUp: Page Speed Booster plugin versions <= 1.3.8.4. Solution: Update the WordPress Asset CleanUp: Page Speed Booster plugin to the latest available version at least...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Asset CleanUp: Page Speed Booster WordPress plugin in versions prior to 1.3.8.5 has a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and outpu...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Asset CleanUp: Page Speed Booster WordPress plugin prior to version 1.3.8.5 is vulnerable to a cross-site scripting vulnerability, which stems from the fact that the wpacuselectedsub tabarea parameter is...
WordPress Asset CleanUp plugin <= 1.3.8.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Asset CleanUp plugin versions <= 1.3.8.4. Solution: Update the WordPress Asset CleanUp plugin to the latest available version at least 1.3.8.5...
Red Hat 389-ds-base Information Disclosure Vulnerability
Red Hat 389-ds-base is an American Red Hat package that includes a Linux directory server and a server administration command-line program. A security vulnerability exists in Red Hat 389-ds-base versions prior to 1.3.8.5 and prior to 1.4.0.12, which stems from the program storing passwords in...