31 matches found
WordPress Advanced Access Manager - Path Traversal
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive file...
CVE-2018-25213
creationtimestamp| type| source
---|---|---
2026-03-26 14:45:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhxtrin5432s
2026-03-28 04:00:15+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mi3qntwlre2a...
CVE-2018-25213
Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers can craft a payload with SEH chain overwrite and inject shellcode through the DNS Query...
CVE-2019-25213
creationtimestamp| type| source
---|---|---
2025-11-29 18:33:45+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2019/CVE-2019-25213.yaml
2025-12-01 21:02:31+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m6xda4hvzu2e
2025-12-02...
CVE-2024-25213
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php...
CVE-2022-25213
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...
CVE-2025-25213
Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed...
CVE-2025-25213
creationtimestamp| type| source
---|---|---
2025-04-09 09:47:33+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11032
2025-04-09 12:35:29+00:00| seen| https://t.me/cvedetector/22547...
CVE-2025-25213
Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed...
CVE-2025-25213
Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed...
CVE-2025-25213
The CVE-2025-25213 issue affects Inaba Denki Sangyo Co., Ltd. Wi‑Fi AP UNIT AC-WPS-11ac series (affected versions include v2.0.03P and prior). Root cause: improper restriction of rendered UI layers or frames, enabling unintended operations when a logged‑in user views/clicks on content hosted on a...
CVE-2023-25213
creationtimestamp| type| source
---|---|---
2025-02-14 10:06:00+00:00| seen| Telegram/tTotBQGK6jJ-ckFpXvpoxXUES9m7Ii5TEtfQKDG2eftdJch...
CVE-2019-25213
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive file...
CVE-2020-25213
The File Manager wp-file-manager plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or mkfile and p...
CVE-2019-25213
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive file...
CVE-2024-25213
creationtimestamp| type| source
---|---|---
2024-03-06 15:16:51+00:00| seen| https://t.me/ctinow/201421...
CVE-2024-25213
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php...
CVE-2024-25213
CVE-2024-25213 affects the Employee Management System v1.0, where a SQL injection vulnerability exists in the SQL query executed via the id parameter on the endpoint /edit.php. The root cause is a lack of proper input handling leading to possible data disclosure, modification, or corruption; the...
CVE-2023-25213
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload...
CVE-2023-25213
The CVE-2023-25213 entry concerns Tenda AC5 US_AC5V1.0RTL_V15.03.06.28, where a stack overflow in the check_param_changed function can be triggered remotely to cause a Denial of Service or arbitrary code execution via a crafted payload. Affected device: Tenda AC5 router; vulnerability appears in ...