WordPress Smart Auto Upload Images plugin <= 1.2.0 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by Dieu Link and GCSC Vietnam in WordPress Plugin Smart Auto Upload Images versions = 1.2.0...

CVE-2025-12161

creationtimestamp| type| source ---|---|--- 2025-11-08 04:32:05+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m53r5v3pyx24 2025-11-08 05:45:38+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m53vbant4sk2 2025-11-08 06:05:21+00:00| seen|...

CVE-2025-12161 Smart Auto Upload Images <= 1.2.0 - Authenticated (Contributor+) Arbitrary File Upload

The Smart Auto Upload Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the auto-image creation functionality in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with Contributor-level access and...

EUVD-2017-12161

Malware in sbrugna...

CVE-2024-12161

creationtimestamp| type| source ---|---|--- 2025-02-11 02:17:51+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhulrc6jzn2q...

CVE-2019-12161

creationtimestamp| type| source ---|---|--- 2019-05-17 19:46:12+00:00| seen| https://t.me/cvemitreorg/66...

CVE-2019-12161

WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses such as 0300.0250 as a replacement for 192.168...

CVE-2019-12161

CVE-2019-12161: The issue affects WPO WebPageTest 19.04 and is due to ValidateURL in www/runtest.php not handling octal-encoded IPs (e.g., 0300.0250 representing 192.168), enabling SSRF. The connected Red Hat and OSV/PRION entries corroborate the SSRF description and reference the same around 201...

Moderate severity vulnerability that affects org.keycloak:keycloak-core

Withdrawn: Duplicate of CVE-2017-12161 / GHSA-959q-32g8-vvp7...

CVE-2018-12161

CVE-2018-12161 affects Intel Rapid Web Server 3 webserver component. The issue is insufficient session validation that may allow an unauthenticated user to disclose information over the network. Affected product: Intel Rapid Web Server 3 webserver component. Impact: information disclosure with ne...

CVE-2017-12161

Concrete details show a vulnerability in Keycloak prior to 3.4.2 final where a client-side /etc/hosts entry can be abused to spoof a URL in a password reset request, enabling an attacker to obtain a valid reset token and potentially disclose information or enable further attacks. Affected softwar...

CVE-2017-1000500

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12161. Reason: This candidate is a reservation duplicate of CVE-2017-12161. Notes: All CVE users should reference CVE-2017-12161 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...