233 matches found

CNNVD
added 2024/12/06 12:0 a.m. | 1 view

WordPress plugin WP Hide & Security Enhancer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 | AI score 8.4 | EPSS 0.02009
Exploits 0 | References 2

NVD
added 2024/11/26 7:15 a.m. | 10 views

CVE-2024-10857

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with...

CVSS 6.5 | EPSS 0.01922
Exploits 0 | References 2

CVE
added 2024/11/26 6:43 a.m. | 52 views

CVE-2024-10857

CVE-2024-10857 concerns the WordPress plugin Product Input Fields for WooCommerce. The vulnerability is a directory traversal flaw in the handle_downloads() function caused by insufficient file path validation/sanitization, allowing authenticated attackers with Contributor-level access and higher...

CVSS 6.5 | AI score 6.2 | EPSS 0.01922
Exploits 0 | References 2 | Affected Software 1

NVD
added 2024/11/13 5:15 a.m. | 8 views

CVE-2024-11150

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...

CVSS 9.8 | EPSS 0.30004
Exploits 0 | References 2

NVD
added 2024/11/12 4:15 a.m. | 16 views

CVE-2024-10672

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpgupsertprojectsourceblock function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with...

CVSS 2.7 | EPSS 0.00256
Exploits 0 | References 4

CVE
added 2024/11/12 3:24 a.m. | 48 views

CVE-2024-10672

CVE-2024-10672: The Multiple Page Generator Plugin – MPG for WordPress is vulnerable to directory traversal that enables authenticated attackers with editor-level access (and higher) to delete limited server files. Affected versions are

CVSS 2.7 | AI score 3.5 | EPSS 0.00256
Exploits 0 | References 4 | Affected Software 1

NVD
added 2024/11/09 6:15 a.m. | 15 views

CVE-2024-10470

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...

CVSS 9.8 | EPSS 0.48485
Exploits 2 | References 2

Cvelist
added 2024/11/09 5:40 a.m. | 27 views

CVE-2024-10470 WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...

CVSS 9.8 | EPSS 0.48485
Exploits 2 | References 2

CVE
added 2024/11/09 3:18 a.m. | 56 views

CVE-2024-10625

CVE-2024-10625 affects the WooCommerce Support Ticket System plugin for WordPress. It enables unauthenticated deletion of arbitrary files via delete_tmp_uploaded_file() due to insufficient path validation in versions up to 17.7, with potential remote code execution when critical files (e.g., wp-c...

CVSS 9.8 | AI score 9.8 | EPSS 0.40624
Exploits 0 | References 2 | Affected Software 1

Veracode
added 2024/10/21 6:2 a.m. | 6 views

Path Traversal

Lollms is vulnerable to a path traversal vulnerability. The vulnerability is due to improper validation of file paths in the lollmsfilesystem.py file, where functions like addragdatabase, togglemountragdatabase, and vectorizefolder lack necessary security measures, allowing attackers to access an...

CVSS 4.4 | AI score 4.1 | EPSS 0.00027
Exploits 1 | References 3 | Affected Software 1

NVD
added 2024/10/11 1:15 p.m. | 15 views

CVE-2024-7514

The WordPress Comments Import & Export plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access an...

CVSS 6.5 | EPSS 0.47437
Exploits 1 | References 2

Vulnrichment
added 2024/10/08 8:40 a.m. | 8 views

CVE-2024-47563

A vulnerability has been identified in SINEC Security Monitor All versions V4.9.0. The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable...

CVSS 6.9 | AI score 5.7 | EPSS 0.00222
Exploits 0 | References 1

NVD
added 2024/09/24 3:15 a.m. | 11 views

CVE-2024-8671

The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary...

CVSS 9.1 | EPSS 0.08634
Exploits 0 | References 2

CVE
added 2024/09/24 3:6 a.m. | 54 views

CVE-2024-8671

The CVE-2024-8671 entry concerns WordPress plugin WooEvents – Calendar and Event Booking. Affected versions (up to 4.1.2) are vulnerable to arbitrary file overwrite due to insufficient file path validation in inc/barcode.php, enabling unauthenticated attackers to overwrite server files and potent...

CVSS 9.1 | AI score 9.6 | EPSS 0.08634
Exploits 0 | References 2 | Affected Software 1

Veracode
added 2024/09/19 3:50 a.m. | 7 views

Relative Path Traversal

@backstage/plugin-techdocs-backend is vulnerable to Relative Path Traversal. The vulnerability is caused due to improper validation of file paths, allowing unauthorized access to files in the AWS S3 or GCS storage provider...

CVSS 6.5 | AI score 6.6 | EPSS 0.00355
Exploits 0 | References 3 | Affected Software 1

NVD
added 2024/09/11 8:15 a.m. | 17 views

CVE-2024-7626

The WP Delicious – Recipe Plugin for Food Bloggers formerly Delicious Recipes plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details function in all versions up to, and including, 1.6.9. This makes it possib...

CVSS 8.1 | EPSS 0.03817
Exploits 0 | References 4

CVE
added 2024/09/11 7:31 a.m. | 48 views

CVE-2024-7626

CVE-2024-7626 affects WP Delicious – Recipe Plugin for WordPress (formerly Delicious Recipes), versions ≤ 1.6.9. The vulnerability stems from insufficient file path validation in the save_edit_profile_details() function, allowing authenticated users with subscriber-level access and above to move ...

CVSS 8.1 | AI score 8.2 | EPSS 0.03817
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2024/09/11 12:0 a.m. | 3 views

WordPress plugin WP Delicious security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.1 | AI score 6.8 | EPSS 0.03817
Exploits 0 | References 5

NVD
added 2024/08/20 4:15 a.m. | 14 views

CVE-2024-7782

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it...

CVSS 8.7 | EPSS 0.10105
Exploits 0 | References 2

Cvelist
added 2024/08/20 3:21 a.m. | 19 views

CVE-2024-7777 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary File Read And Deletion

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes i...

CVSS 9 | EPSS 0.04032
Exploits 0 | References 5