4 matches found
EUVD-2026-33439
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...
CVE-2025-13065
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.4.41. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. Th...
EUVD-2025-201353
The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.0.6. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. Th...
Component GMapFP Unauthenticated Arbitrary File Upload Vulnerability in Joomla!
Joomla! is an open source content management system (CMS). A security vulnerability exists in the Joomla! component GMapFP. An attacker can exploit the vulnerability to access the application's upload functionality, upload files without authenticating to the application, and bypass the issue by changi...