825 matches found
EUVD-2025-206809
The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which...
CVE-2025-15487 Code Explorer <= 1.4.6 - Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter
The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which...
CVE-2025-15487
CVE-2025-15487 affects the WordPress Code Explorer plugin up to version 1.4.6. The root cause is a path traversal flaw exploitable via the file parameter, allowing authenticated attackers with Administrator-level access to read arbitrary server files. Impact is exposure of sensitive information; ...
PT-2026-5888
Name of the Vulnerable Software and Affected Versions: WordPress Code Explorer plugin versions through 1.4.6. Description: The Code Explorer plugin for WordPress has a flaw that allows authorized users with Administrator-level access or higher to read arbitrary files on the server. This is possible...
WordPress Code Explorer plugin <= 1.4.6 - Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter vulnerability
Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter vulnerability discovered by 0x34rth in WordPress Plugin Code Explorer versions <= 1.4.6...
bolo-solo Path Traversal Vulnerability
Bolo-Solo is a blog system developed under the open source Bolo-Blog project. Bolo-Solo versions 2.6.4 and earlier contain a path traversal vulnerability. The vulnerability stems from improper handling of the File parameter in the importFromCnblogs function in the file...
VulnCheck KEV: CVE-2022-30777
Parallels H-Sphere 3.6.1713 allows XSS via the indexen.php from parameter...
Code-Projects Online Music Site SQL Injection Vulnerability
Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters related to files, administrators, and the...
CVE-2023-54341
Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary...
CVE-2023-54341
Webgrind 1.1 and earlier are affected by a reflected XSS via the file parameter in index.php. The vulnerability arises from insufficient encoding of user-controlled input, allowing unauthenticated attackers to inject arbitrary JavaScript by crafting malicious URLs. Affected component: Webgrind (P...
CVE-2023-54341 Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) via file Parameter
Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary...
CVE-2025-69990
phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in removefile.php. The parameter file can cause any file to be deleted...
PT-2026-2431
Name of the Vulnerable Software and Affected Versions: Webgrind versions 1.1 and earlier. Description: The application does not adequately encode user-supplied data, enabling unauthenticated attackers to inject malicious scripts through the file parameter in the 'index.php' file. This allows attacke...
Webgrind Cross-Site Scripting Vulnerability
Webgrind is a web-based PHP performance analysis tool from the individual developer Joakim Nygård. A cross-site scripting vulnerability exists in Webgrind 1.1 and earlier versions, which stems from insufficiently encoded user input in the file parameter of index.php, and could lead to a reflectiv...
CVE-2022-0698
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter...
CVE-2020-23715
Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download...
CVE-2023-29004
hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...
PT-2026-1344
Name of the Vulnerable Software and Affected Versions: Craft versions 5.0.0-RC1 through 5.8.20; Craft versions 4.0.0-RC1 through 4.16.16. Description: Craft is a platform for creating digital experiences. The GraphQL save Asset mutation is susceptible to Server-Side Request Forgery (SSRF). The issue...
CVE-2025-15404
A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /savefile.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclose...