CVE-2025-3054
The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...
PT-2025-23894 · WordPress · Wp User Frontend Pro
Name of the Vulnerable Software and Affected Versions: WP User Frontend Pro plugin for WordPress versions up to, and including, 4.1.3 Description: The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload files function...
Cisco Identity Services Engine (Cisco ISE) and Cisco ISE Passive Identity Connector Access Control Error Vulnerability
Cisco Identity Services Engine (Cisco ISE) and Cisco ISE Passive Identity Connector are both products of Cisco, Inc. Cisco Identity Services Engine (ISE) is an environment-aware platform. The platform oversees the network by collectin...
CVE-2025-4392
The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitizefile function. This...
CVE-2025-4392 Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function
CVE-2025-4392
The CVE-2025-4392 entry concerns the WordPress plugin Shared Files – Frontend File Upload Form & Secure File Sharing. Affected versions: up to 1.7.48. Root cause: insufficient input sanitization and output escaping in the sanitize_file() function, allowing unauthenticated stored XSS via html file...
CVE-2025-1725
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-1725 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads
PT-2025-23590 · Unknown · Bit File Manager
Name of the Vulnerable Software and Affected Versions: The Bit File Manager versions up to, and including, 6.7 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with...
Umbraco Code Issue Vulnerability
Umbraco is an open source content management system (CMS) written in C# by Umbraco, Denmark. A code issue vulnerability exists in Umbraco versions prior to 14.0.0, 14.0.0 through 15.4.2, and prior to 16.0.0, which stems from the ability to upload files that do not match the configured allowable file...
juzaweb CMS allows cross-site scripting by uploading an SVG file
A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross-site scripting. The attack can...
CVE-2025-4963
The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...
CVE-2025-4800
The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stmlmsaddassignmentattachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access an...
FreeScout Code Issue Vulnerability
FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using the PHP Laravel framework by FreeScout, Inc. A code issue vulnerability exists in FreeScout versions prior to 1.8.179, which stems from insufficient file upload checks and could lead to remote code...
Security Bulletin: IBM Watson Discovery Cartridge is affected by vulnerability in tomcat-embed-core-10.1.33.jar
Summary: IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-10.1.33.jar. Vulnerability Details: CVEID: CVE-2025-24813. DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to...
PT-2025-23049 · WordPress · Masterstudy Lms Pro
Name of the Vulnerable Software and Affected Versions: MasterStudy LMS Pro plugin for WordPress versions up to, and including, 4.7.0 Description: The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm lms add assignmen...
SourceCodester Client Database Management System Code Issue Vulnerability
SourceCodester Client Database Management System is an open source client database management system from SourceCodester. A code issue vulnerability exists in SourceCodester Client Database Management System version 1.0, which stems from improper handling of the uploadedfilecancelled parameter in the...