3575 matches found

CNVD · added 2025/07/30 12:00 a.m. · 2 views

WordPress ebook store cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation; a WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress ebook store, which stems from a lack of file type validation in the ebookstoresaveform function and can be exploite...

CVSS 9.8 · AI score 6.7 · EPSS 0.01181
Exploits 0 · References 1

VulnCheck KEV · added 2025/07/29 12:00 a.m. · 34 views

VulnCheck KEV: CVE-2025-5394

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...

CVSS 9.8 · AI score 6.2 · EPSS 0.47809
In wild · Exploits 3 · References 4

Github Security Blog · added 2025/07/28 4:08 p.m. · 9 views

CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability

Impact: This vulnerability affects applications that use the ImageMagick handler for image processing (imagick as the image library) AND either allow file uploads with user-controlled filenames and process uploaded images using the resize method OR use the text method with user-controlled text...

CVSS 9.8 · AI score 6.7 · EPSS 0.01547
Exploits 0 · References 6 · Affected Software 1

OSV · added 2025/07/28 4:08 p.m. · 2 views

GHSA-9952-GV64-X94C CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability

Impact: This vulnerability affects applications that use the ImageMagick handler for image processing (imagick as the image library) AND either allow file uploads with user-controlled filenames and process uploaded images using the resize method OR use the text method with user-controlled text...

CVSS 9.8 · AI score 6.7 · EPSS 0.01547
Exploits 0 · References 6

NVD · added 2025/07/28 3:15 p.m. · 7 views

CVE-2025-54418

CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (imagick as the image library) and either allow file uploads with user-controlled filenames and process...

CVSS 9.8 · EPSS 0.01547
Exploits 0 · References 4

Cvelist · added 2025/07/28 2:47 p.m. · 7 views

CVE-2025-54418 CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability

CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (imagick as the image library) and either allow file uploads with user-controlled filenames and process...

CVSS 9.8 · EPSS 0.01547
Exploits 0 · References 4

OSV · added 2025/07/28 2:47 p.m. · 4 views

CVE-2025-54418 CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability

CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (imagick as the image library) and either allow file uploads with user-controlled filenames and process...

CVSS 9.8 · AI score 7.4 · EPSS 0.01547
Exploits 0 · References 6

NCSC · added 2025/07/28 7:52 a.m. · 6 views

Vulnerabilities fixed in Salesforce Tableau Server

Salesforce has fixed vulnerabilities in Salesforce Tableau Server, specifically for versions lower than 25.1.3, 2024.2.12, and 2023.3.19. The vulnerabilities include unauthorized access to data via user-controlled keys, authorization bypass, unrestricted file uploads of dangerous file types,...

CVSS 8.5 · AI score 7.2 · EPSS 0.00392
Exploits 0 · References 1

CNNVD · added 2025/07/28 12:00 a.m. · 3 views

Code-Projects Exam Form Submission Code Issue Vulnerability

Code-Projects Exam Form Submission is an open source exam form from Code-Projects. A code issue vulnerability exists in Code-Projects Exam Form Submission version 1.0, which stems from improper handling of the image parameter in file/register.php, resulting in arbitrary file uploads...

CVSS 9.8 · AI score 7.6 · EPSS 0.0051
Exploits 1 · References 6

RedhatCVE · added 2025/07/27 4:14 p.m. · 13 views

CVE-2016-15046

A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager SSM versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance running on port 8161. An attacker can exploit this flaw through a Cross-Origi...

CVSS 8.6 · AI score 7.5 · EPSS 0.00882
Exploits 0 · References 1

RedhatCVE · added 2025/07/27 12:19 a.m. · 10 views

CVE-2025-45893

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a malicious SVG file containing embedded...

CVSS 6.1 · AI score 5.8 · EPSS 0.00229
Exploits 1 · References 1

RedhatCVE · added 2025/07/26 4:31 a.m. · 9 views

CVE-2025-7852

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addnewcustomer' route in all versions up to, and including, 1.0.6. The plugin's image-upload handler calls moveuploadedfile on...

CVSS 9.8 · AI score 7.6 · EPSS 0.01156
Exploits 1 · References 1

RedhatCVE · added 2025/07/26 4:31 a.m. · 10 views

CVE-2025-7437

The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebookstoresaveform function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...

CVSS 9.8 · AI score 7.6 · EPSS 0.01181
Exploits 0 · References 1

NVD · added 2025/07/25 5:15 p.m. · 6 views

CVE-2025-45893

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a malicious SVG file containing embedded...

CVSS 6.1 · EPSS 0.00229
Exploits 1 · References 2

NVD · added 2025/07/25 4:15 p.m. · 7 views

CVE-2014-125115

An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, allowing attackers to extract administrator credentials or active session tokens via crafted...

CVSS 10 · EPSS 0.02083
Exploits 0 · References 5

CVE · added 2025/07/25 3:53 p.m. · 18 views

CVE-2014-125115

CVE-2014-125115 affects Pandora FMS up to version 5.0 SP2. The mobile/index.php loginhash_data input is unsafely concatenated into SQL, enabling unauthenticated SQL injection to extract administrator credentials or session tokens. After bypassing authentication, a second vulnerability in the File...

CVSS 10 · AI score 8.4 · EPSS 0.02083
Exploits 0 · References 5

OSV · added 2025/07/25 7:15 a.m. · 1 view

CVE-2025-5831

The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the makegooglefontoffline function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...

CVSS 8.8 · AI score 6.4
Exploits 0 · References 2

ATTACKERKB · added 2025/07/25 2:23 a.m. · 3 views

CVE-2015-10144

The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary...

CVSS 8.8 · AI score 6.5 · EPSS 0.02016
Exploits 1 · References 7

Positive Technologies · added 2025/07/25 12:00 a.m. · 3 views

PT-2025-31206

An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, allowing attackers to extract administrator credentials or active session tokens via crafted...

CVSS 10 · AI score 9.2 · EPSS 0.02083
Exploits 0 · References 6

CVE · added 2025/07/25 12:00 a.m. · 36 views

CVE-2025-45893

OpenCart 4.1.0.4 is affected by CVE-2025-45893: Stored XSS via unsanitized SVG uploads in the media manager (blog posts). Attackers can embed JavaScript in SVGs uploaded for posts; this can execute in a user’s browser when viewed. Root cause: insufficient sanitization of uploaded SVG files. CVSSv...

CVSS 6.1 · AI score 5.7 · EPSS 0.00229
Exploits 1 · References 2 · Affected Software 1