CVE-2023-47792

Cross-Site Request Forgery CSRF vulnerability in Infinite Uploads Big File Uploads – Increase Maximum File Upload Size plugin = 2.1.1 versions...

CVE-2023-5673

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution...

CVE-2023-51252

PublicCMS 4.0 is vulnerable to Cross Site Scripting XSS. Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing...

CVE-2023-6558

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'uploadimportfile' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level...

CVE-2023-2505

The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files...

CVE-2023-47314

Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting XSS. The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...

CVE-2023-37152

Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability...

CVE-2023-3623

A vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Duty/AjaxHandle/UploadHandler.ashx of the component Duty Module. The...

CVE-2023-33251

When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946...

CVE-2023-23594

An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes...

CVE-2023-5822

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

CVE-2023-3342

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

CVE-2023-6635

The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload...

CVE-2023-6826

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...

CVE-2023-6219

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpressprocessupload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above...

CVE-2023-6636

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspbsavefiles' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level...

CVE-2023-6825

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possible for...

CVE-2022-42029

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory...

CVE-2022-47928

In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/uploadfile.ctp...

WordPress plugin StoreKeeper for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...