143 matches found
WordPress plugin MasterStudy LMS Pro 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2024-7775
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...
CVE-2023-26961
Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files e.g., JavaScript content for stored XSS via the type field in a JSON document within a PUT /gallery/api/media request...
WordPress plugin TheGem 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin Drag and Drop Multiple File Upload for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists ...
youkefu 代码问题漏洞
youkefu is a customer service support application by the individual developer zhangyanbo2007. A code issue vulnerability exists in youkefu 4.2.0 and earlier versions, which originates from the file youkefu-mastersrcmainjavacomukefuwebimwebhandler. Mishandling of the parameter imgFile in...
SUSE CVE-2025-31489
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...
MinIO 数据伪造问题漏洞
MinIO is an open source object storage server from the US-based MinIO. The product supports building infrastructures for machine learning, analytics, and application data workloads. MinIO suffers from a data forgery issue vulnerability that stems from a potentially invalid authorization signature...
Unspecified vulnerability in Lunary (CNVD-2025-06940)
Lunary is Lunary open source a production toolkit for LLM . A security vulnerability exists in Lunary version 105a3f6 that originates from allowing users to upload and execute arbitrary regular expressions, which can be exploited by an attacker to potentially cause a regular expression denial of...
PT-2025-11678
Name of the Vulnerable Software and Affected Versions File Away plugin for WordPress versions up to, and including, 3.9.9.0.1 Description The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload...
WordPress plugin ThemeREX Addons 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue exists in...
WordPress plugin Super Backup & Clone 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin Opt-In Downloads 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...
CVE-2024-11311
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
PT-2024-16573 · WordPress · Woocommerce Upload Files
Name of the Vulnerable Software and Affected Versions: WooCommerce Upload Files plugin for WordPress versions up to, and including, 84.3 Description: The issue is related to arbitrary file uploads due to missing file type validation in the upload files function. This allows unauthenticated...
PT-2024-16560
Name of the Vulnerable Software and Affected Versions WordPress User Extra Fields plugin versions up to and including 16.5 Description The WordPress User Extra Fields plugin is vulnerable to arbitrary file uploads due to missing file type validation in the ajax manage file chunk upload function...
PT-2024-39135
Name of the Vulnerable Software and Affected Versions: JobSearch WP Job Board plugin for WordPress versions up to, and including, 2.6.7 Description: The issue is related to arbitrary file uploads due to missing file type validation in the jobsearch location load excel file callback function. This...
VulnCheck KEV: CVE-2016-15042
The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible...
CVE-2024-7855
The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updatereview function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload...
PT-2024-38419 · WordPress · File Manager Pro
Name of the Vulnerable Software and Affected Versions: File Manager Pro plugin for WordPress versions up to, and including, 8.3.7 Description: The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk file...