196 matches found
CVE-2024-5222
The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output...
CVE-2024-5222 Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. <= 3.0.5 - Authenticated (Author+) Stored Cross-Site Scripting
The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output...
Qi Blocks < 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-35636 WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery beta uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery beta: from n/a through 3.0.11...
WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Mikage.K Patchstack Alliance in WordPress Plugin Uploadcare File Uploader and Adaptive Delivery beta versions = 3.0.11...
WordPress Uploadcare File Uploader and Adaptive Delivery (beta) Plugin <= 3.0.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software Uploadcare File Uploader and Adaptive Delivery beta Type Plugin Vulnerable versions = 3.0.11 Fixed in 3.1.0 OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-35636 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7af925782e5b...
CVE-2023-23656
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1...
CVE-2023-23656 WordPress MainWP File Uploader Extension Plugin <= 4.1 - Unauthenticated Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1...
WordPress Plugin File Uploader 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...
VulnCheck KEV: CVE-2021-34624
A vulnerability in the file uploader component found in the /src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3...
CVE-2023-41788 Remote Code Execution via File Uploader
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773...
WordPress File Uploader Plugin < 4.23.3 is vulnerable to Cross Site Scripting (XSS)
Software File Uploader Type Plugin Vulnerable versions 4.23.3 Fixed in 4.23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4811 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1623a29c06e5 Credits FAIYAZ AHMAD Required...
xForUp Simple File Uploader 1.0 SQL Injection
==================================================================================================================================== | Title : xForUp simple file uploader V1.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...
WordPress KRSP Frontend File Uploader Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software KRSP Frontend File Uploader Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3d4ca0e2c724 Credits Rafie Muhammad Patchstac...
WordPress File Uploader Plugin < 4.19.2 is vulnerable to Path Traversal
Software File Uploader Type Plugin Vulnerable versions 4.19.2 Fixed in 4.19.2 OWASP Top 10 A5: Broken Access Control Classification Path Traversal CVE CVE-2023-2688 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID f1bb8a36ca00 Credits Marco Wotschka Required privilege...
CVE-2023-1169
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...
CVE-2023-1169
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...
Authorization
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...
CVE-2023-1169 OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...
ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
Exploit Title: ChurchCRM v4.5.4 - Reflected XSS via Image Authenticated Date: 2023-04-17 Exploit Author: Rahad Chowdhury Vendor Homepage: http://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM/releases/tag/4.5.4 Version: 4.5.4 Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53 CVE:...