Lucene search

14 matches found

Cvelist
added 2026/06/18 5:34 a.m. · 30 views

CVE-2026-11784 Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replacefile function. This makes it...

CVSS 4.3 · EPSS 0.00157
Exploits: 1 · References: 6
NVD
added 2025/10/31 10:15 a.m. · 8 views

CVE-2025-12041

The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eriflfile' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to download files restricted to specific user...

CVSS 5.3 · EPSS 0.00233
Exploits: 0 · References: 2
OSV
added 2025/10/28 3:15 a.m. · 4 views

CVE-2025-12347

A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editorfiles/save-file-ajax.php. Executing manipulation of the argument filepath/content can lead to unrestricted upload. The attack can be executed remotely. Th...

CVSS 8.8 · AI score 6.6
Exploits: 0 · References: 4
Vulnrichment
added 2025/10/28 2:2 a.m. · 4 views

CVE-2025-12347 MaxSite CMS save-file-ajax.php unrestricted upload

A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editorfiles/save-file-ajax.php. Executing manipulation of the argument filepath/content can lead to unrestricted upload. The attack can be executed remotely. Th...

CVSS 6.5 · AI score 6.3 · EPSS 0.0036
Exploits: 1 · References: 4
CNNVD
added 2025/10/28 12:0 a.m. · 5 views

MaxSite CMS Code Issue Vulnerability

MaxSite CMS is a Russian open source web content management system from MaxSite CMS. A code issue vulnerability exists in MaxSite CMS version 109 and prior versions, which stems from incorrect manipulation of the parameters filepath or content in the file...

CVSS 8.8 · AI score 6.5 · EPSS 0.0036
Exploits: 1 · References: 5
CNNVD
added 2025/09/22 12:0 a.m. · 4 views

Campcodes Grocery Sales and Inventory System SQL Injection Vulnerability

CampCodes Grocery Sales and Inventory System is a grocery sales and inventory system from CampCodes Philippines. A SQL injection vulnerability exists in Campcodes Grocery Sales and Inventory System version 1.0, which stems from incorrect manipulation of the parameter ID in file/ajax.php, which...

CVSS 9.8 · AI score 7.8 · EPSS 0.00521
Exploits: 1 · References: 5
CNNVD
added 2025/09/16 12:0 a.m. · 2 views

CampCodes Grocery Sales and Inventory System SQL Injection Vulnerability

CampCodes Grocery Sales and Inventory System is a grocery sales and inventory system from CampCodes Philippines. A SQL injection vulnerability exists in CampCodes Grocery Sales and Inventory System version 1.0, which stems from incorrect manipulation of the parameter ID in file/ajax.php, which...

CVSS 9.8 · AI score 7.8 · EPSS 0.00387
Exploits: 1 · References: 6
CNNVD
added 2025/09/16 12:0 a.m. · 3 views

Campcodes Grocery Sales and Inventory System Security Vulnerability

CampCodes Grocery Sales and Inventory System is a grocery sales and inventory system from CampCodes Philippines. A security vulnerability exists in Campcodes Grocery Sales and Inventory System version 1.0, which stems from incorrect manipulation of the parameter ID in file/ajax.php, which could...

CVSS 9.8 · AI score 7.8 · EPSS 0.00398
Exploits: 1 · References: 6
CNNVD
added 2025/09/01 12:0 a.m. · 28 views

CampCodes Courier Management System Security Vulnerability

CampCodes Courier Management System is a courier management system from CampCodes Philippines. A security vulnerability exists in CampCodes Courier Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter lastname in file/ajax.php...

CVSS 9.8 · AI score 7.7 · EPSS 0.00383
Exploits: 1 · References: 6
CNNVD
added 2025/08/27 12:0 a.m. · 2 views

Campcodes Online Loan Management System Security Vulnerability

CampCodes Online Loan Management System is an online loan management system from CampCodes Philippines, Inc. A security vulnerability exists in Campcodes Online Loan Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter ID in file/ajax.ph...

CVSS 9.8 · AI score 7.7 · EPSS 0.00387
Exploits: 1 · References: 6
CNNVD
added 2025/08/27 12:0 a.m. · 4 views

Campcodes Online Loan Management System Security Vulnerability

CampCodes Online Loan Management System is an online loan management system from CampCodes Philippines, Inc. A security vulnerability exists in Campcodes Online Loan Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter lastname in...

CVSS 9.8 · AI score 7.7 · EPSS 0.00387
Exploits: 1 · References: 6
CNNVD
added 2025/05/06 12:0 a.m. · 3 views

itsourcecode Gym Management System Security Vulnerability

itsourcecode Gym Management System is an open source gym management system by itsourcecode. A security vulnerability exists in version 1.0 of itsourcecode Gym Management System, which is caused by an SQL injection due to misuse of the parameter rid in file/ajax.php...

CVSS 9.8 · AI score 7.8 · EPSS 0.00421
Exploits: 1 · References: 6
OSV
added 2024/09/04 7:15 a.m. · 5 views

CVE-2024-8104

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the downloadfileajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of...

CVSS 6.5 · AI score 5.9 · EPSS 0.00957
Exploits: 0 · References: 3
Positive Technologies
added 2024/09/04 12:0 a.m. · 7 views

PT-2024-38804 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: WP Extended plugin for WordPress versions up to, and including, 3.0.8 Description: The issue allows authenticated attackers, with subscriber access and above, to read the contents of arbitrary files on the server, which can contain sensitive...

CVSS 8.8 · AI score 7 · EPSS 0.00957
Exploits: 0 · References: 12