31 matches found
WordPress User Registration Advanced Fields plugin <= 1.6.20 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin User Registration Advanced Fields versions <= 1.6.20...
CVE-2026-4882
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2026-4882
The CVE concerns the WordPress plugin “User Registration Advanced Fields” (URAF). Vulnerable code path: URAF_AJAX::method_upload, with missing file type validation, across all versions up to and including 1.6.20. This permits unauthenticated attackers to upload arbitrary files on the affected sit...
CVE-2026-4882 User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...
EUVD-2026-26734
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary...
Divxtodvd Easy Video to iPod Converter buffer error vulnerability
Divxtodvd Easy Video to iPod Converter is a software tool developed by the Thai company Divxtodvd, designed for converting video formats and adapting them for playback on iPod devices. Version 1.6.20 of Easy Video to iPod Converter contains a buffer overflow vulnerability, which stems from...
EUVD-2024-28432
Malicious code in bioql PyPI...
CVE-2024-30512
Missing Authorization vulnerability in weForms. This issue affects weForms: from n/a through 1.6.20...
CVE-2024-47360
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS. This issue affects BA Book Everything: from n/a through 1.6.20...
CVE-2024-47360 WordPress BA Book Everything plugin <= 1.6.20 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS. This issue affects BA Book Everything: from n/a through 1.6.20...
WordPress plugin BA Book Everything cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress BA Book Everything plugin <= 1.6.20 - Unauthenticated Arbitrary User Password Reset vulnerability
Unauthenticated Arbitrary User Password Reset vulnerability discovered by wesley wcraft in WordPress Plugin BA Book Everything versions <= 1.6.20...
WordPress BA Book Everything plugin <= 1.6.20 - Cross-Site Request Forgery to Email Address Update/Account Takeover vulnerability
Cross-Site Request Forgery to Email Address Update/Account Takeover vulnerability discovered by wesley wcraft in WordPress Plugin BA Book Everything versions <= 1.6.20...
WordPress plugin BA Book Everything cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2024-39258 · WordPress · Ba Book Everything
Name of the Vulnerable Software and Affected Versions: BA Book Everything plugin for WordPress versions up to, and including, 1.6.20 Description: The issue allows unauthenticated attackers to reset any user's passwords, including administrators, due to the reset user password function not verifyi...
WordPress plugin BA Book Everything security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-30512
Missing Authorization vulnerability in weForms. This issue affects weForms: from n/a through 1.6.20...
CVE-2024-30512
CVE-2024-30512 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin weForms, affecting versions up to 1.6.20. The NVD entry rates the impact as Critical (CVSS v3.1 base score 9.1) with network access and no user interaction required; confidentiality and integri...
PT-2024-23440 · Weforms · Weforms
Name of the Vulnerable Software and Affected Versions: weForms versions 1.6.20 and earlier Description: A Missing Authorization issue has been identified. This issue allows unauthorized access. The estimated number of potentially affected devices is not specified. Recommendations: For weForms...
PT-2024-24630 · Weforms · Weforms
Name of the Vulnerable Software and Affected Versions: weForms versions 1.6.20 and earlier Description: The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability in weForms, which allows the removal of important client functionality. Recommendations: For weForms...