PT-2025-30200 · Emby · Windows

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The software is susceptible to unrestricted file uploads of dangerous types. This allows for the potential execution of malicious code or compromise of system...

PT-2025-30166

Name of the Vulnerable Software and Affected Versions thinkgem JeeSite versions up to 5.12.0 Description A critical issue exists in thinkgem JeeSite that allows for unrestricted file uploads. The Upload function within the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java ...

CVE-2015-10135

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may...

CVE-2016-15043

The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may...

CVE-2012-10019

The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote...

CVE-2025-6997

The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls the trxaddonsgetsvgfromfile function on an...

CVE-2025-6997

CVE-2025-6997 : ThemeREX Addons for WordPress is vulnerable to a stored cross-site scripting (XSS) via SVG uploads in versions

WordPress plugin WP Mobile Detector 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2025-30132

Name of the Vulnerable Software and Affected Versions Work The Flow File Upload plugin for WordPress versions up to and including 2.5.2 Description The Work The Flow File Upload plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation in the...

PT-2025-30121 · WordPress · Themerex Addons

Name of the Vulnerable Software and Affected Versions: ThemeREX Addons versions prior to 2.35.1.2 Description: The ThemeREX Addons plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG File uploads. Insufficient input sanitization and output escaping in the plugin’s SVG...

CVE-2025-7438

The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'installandactivateplugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

WordPress Plugin BeeTeam368 Extensions Code Issue Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress plugin BeeTeam368 Extensions, which stems from a lack...

GHSA-7XQM-7738-642X File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing

Summary A Denial of Service DoS vulnerability exists in the file processing logic when reading a file on endpoint Filebrowser-Server-IP:PORT/files/file-name . While the server correctly handles and stores uploaded files, it attempts to load the entire content into memory during read operations...

WordPress plugin Groundhogg 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

emlog 安全漏洞

emlog is emlog open source a PHP and MySQL based CMS website building system. A security vulnerability exists in emlog pro-2.5.17 and earlier versions, which stems from insufficient cleanup of the file upload feature and could lead to an authenticated user uploading a malicious svg file to execut...

CVE-2025-5394

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...

EUVD-2025-21416

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...

Tiki Wiki CMS Groupware 安全漏洞

Tiki Wiki CMS Groupware is an open source Wiki-based content management system and online office suite. A security vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier, which stems from improper validation of file types in the ELFinder component and could lead to arbitrary fil...

PT-2025-29536

Name of the Vulnerable Software and Affected Versions Alone – Charity Multipurpose Non-profit WordPress Theme versions 7.8.3 and earlier Description The Alone WordPress theme contains a critical vulnerability that allows unauthenticated attackers to upload malicious files, potentially leading to...

WordPress plugin Alone 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...