14 matches found
CVE-2026-11784 Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replacefile function. This makes it...
CVE-2025-12041
The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eriflfile' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to download files restricted to specific user...
CVE-2025-12347
A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editorfiles/save-file-ajax.php. Executing manipulation of the argument filepath/content can lead to unrestricted upload. The attack can be executed remotely. Th...
CVE-2025-12347 MaxSite CMS save-file-ajax.php unrestricted upload
A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editorfiles/save-file-ajax.php. Executing manipulation of the argument filepath/content can lead to unrestricted upload. The attack can be executed remotely. Th...
MaxSite CMS 代码问题漏洞
MaxSite CMS is a Russian open source web content management system from MaxSite CMS. A code issue vulnerability exists in MaxSite CMS version 109 and prior versions, which stems from incorrect manipulation of the parameters filepath or content in the file...
Campcodes Grocery Sales and Inventory System SQL注入漏洞
CampCodes Grocery Sales and Inventory System is a grocery sales and inventory system from CampCodes Philippines. A SQL injection vulnerability exists in Campcodes Grocery Sales and Inventory System version 1.0, which stems from incorrect manipulation of the parameter ID in file/ajax.php, which...
CampCodes Grocery Sales and Inventory System SQL注入漏洞
CampCodes Grocery Sales and Inventory System is a grocery sales and inventory system from CampCodes Philippines. A SQL injection vulnerability exists in CampCodes Grocery Sales and Inventory System version 1.0, which stems from incorrect manipulation of the parameter ID in file/ajax.php, which...
Campcodes Grocery Sales and Inventory System 安全漏洞
CampCodes Grocery Sales and Inventory System is a grocery sales and inventory system from CampCodes Philippines. A security vulnerability exists in Campcodes Grocery Sales and Inventory System version 1.0, which stems from incorrect manipulation of the parameter ID in file/ajax.php, which could...
CampCodes Courier Management System 安全漏洞
CampCodes Courier Management System is a courier management system from CampCodes Philippines. A security vulnerability exists in CampCodes Courier Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter lastname in file/ajax.php...
Campcodes Online Loan Management System 安全漏洞
CampCodes Online Loan Management System is an online loan management system from CampCodes Philippines, Inc. A security vulnerability exists in Campcodes Online Loan Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter ID in file/ajax.ph...
Campcodes Online Loan Management System 安全漏洞
CampCodes Online Loan Management System is an online loan management system from CampCodes Philippines, Inc. A security vulnerability exists in Campcodes Online Loan Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter lastname in...
itsourcecode Gym Management System 安全漏洞
itsourcecode Gym Management System is an open source gym management system by itsourcecode. A security vulnerability exists in version 1.0 of itsourcecode Gym Management System, which is caused by an SQL injection due to misuse of the parameter rid in file/ajax.php...
CVE-2024-8104
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the downloadfileajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of...
PT-2024-38804 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: WP Extended plugin for WordPress versions up to, and including, 3.0.8 Description: The issue allows authenticated attackers, with subscriber access and above, to read the contents of arbitrary files on the server, which can contain sensitive...