CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/08 1:55 a.m.•18 views

CVE-2023-54350

Affected software: WordPress Augmented-Reality plugin. Vulnerability: remote code execution via the elFinder connector. Access/Impact: unauthenticated attackers can upload and execute arbitrary PHP files on the server. How it exploits: POST to connector.minimal.php with mkfile and put commands to...

EUVD•added 2026/06/08 1:55 a.m.•12 views

EUVD-2023-60581

ATTACKERKB•added 2026/06/08 1:55 a.m.•4 views

CVE-2023-54350

Exploits0References2Affected Software1

Vulnrichment•added 2026/06/08 1:55 a.m.•5 views

CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

Cvelist•added 2026/06/08 1:55 a.m.•42 views

CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

8.7CVSS0.00532EPSS

Positive Technologies•added 2026/06/08 12:0 a.m.•10 views

PT-2026-47232

Name of the Vulnerable Software and Affected Versions WordPress Augmented-Reality plugin affected versions not specified Description A remote code execution issue exists in the elFinder connector. Unauthenticated attackers can upload and execute arbitrary PHP files by sending POST requests to the...

8.7CVSS6.5AI score0.00532EPSS

Exploits0References10

RedhatCVE•added 2026/04/25 1:22 a.m.•5 views

CVE-2026-34414

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value...

7.1CVSS6.4AI score0.00998EPSS

Exploits1References1

RedhatCVE•added 2026/04/25 1:22 a.m.•6 views

CVE-2026-34415

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS5.8AI score0.00699EPSS

Exploits1References1

RedhatCVE•added 2026/04/23 7:58 p.m.•5 views

CVE-2026-34413

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

EUVD•added 2026/04/22 9:32 p.m.•3 views

Exploits1References1

EUVD-2026-25068

7.1CVSS6.3AI score0.00998EPSS

EUVD•added 2026/04/22 9:32 p.m.•5 views

EUVD-2026-25067

NVD•added 2026/04/22 7:17 p.m.•2 views

CVE-2026-34414

7.1CVSS0.00998EPSS

NVD•added 2026/04/22 7:17 p.m.•4 views

CVE-2026-34413

8.8CVSS0.0077EPSS

Cvelist•added 2026/04/22 6:33 p.m.•27 views

CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php

8.8CVSS0.0077EPSS

Vulnrichment•added 2026/04/22 6:33 p.m.•3 views

CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php

ATTACKERKB•added 2026/04/22 6:33 p.m.•0 views

CVE-2026-34413

CVE•added 2026/04/22 6:33 p.m.•7 views

Exploits1References9

CVE-2026-34413

Xerte Online Toolkits 3.15 and earlier suffer a missing authentication vulnerability in the elFinder connector endpoint /editor/elfinder/php/connector.php. An HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the full request se...

Cvelist•added 2026/04/22 6:33 p.m.•25 views

CVE-2026-34415 Xerte Online Toolkits File Upload RCE via elfinder Connector

9.8CVSS0.00699EPSS

CVE•added 2026/04/22 6:33 p.m.•2 views

CVE-2026-34415

CVE-2026-34415 affects Xerte Online Toolkits versions ≤ 3.15. The vulnerability is in the elFinder connector endpoint, where incomplete input validation fails to block PHP-executable extensions such as .php4 due to an incorrect regex. This enables an unauthenticated attacker to abuse an attack pa...

9.8CVSS6AI score0.00699EPSS