3 matches found
WordPress EM Beer Manager plugin <= 3.2.3 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin EM Beer Manager versions = 3.2.3...
CVE-2025-11724
CVE-2025-11724 – EM Beer Manager (WordPress) : Vulnerable to authenticated (Subscriber+) arbitrary file upload leading to remote code execution in all versions up to and including 3.2.3 due to missing file type validation in EMBM_Admin_Untappd_Import_image() and missing authorization checks on th...
CVE-2025-11724 EM Beer Manager <= 3.2.3 - Authenticated (Subscriber+) Arbitrary File Upload
The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3.2.3. This is due to missing file type validation in the EMBMAdminUntappdImportimage function and missing authorization checks on the...