3575 matches found
CVE-2025-4391
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echogeneratefeaturedimage function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files...
WordPress plugin WPAMS code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
PT-2025-22068
Name of the Vulnerable Software and Affected Versions: Multer versions prior to 2.0.0. Description: The issue is related to improper stream handling in Multer, a Node.js middleware for handling multipart/form-data. This leads to a resource exhaustion and memory leak issue when the HTTP request...
CVE-2025-4190
The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high-privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in multisite setup...
CVE-2025-4190
CVE-2025-4190 affects the WordPress plugin CSV Mass Importer (v ≤ 1.2). The issue is improper validation of uploaded files, allowing high-privilege users (e.g., admins) to upload arbitrary files on the server (notably in multisite setups). Several sources confirm an admin+ arbitrary file upload v...
CVE-2025-4391 Echo RSS Feed Post Generator <= 5.4.8.1 - Unauthenticated Arbitrary File Upload
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echogeneratefeaturedimage function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files...
WordPress plugin Echo RSS Feed Post Generator code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin Crawlomatic Multipage Scraper Post Generator code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...
XML External Entity (XXE) Injection
sulu/sulu is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to the XML DOM library processing external entities when SVG files are uploaded without properly disabling or restricting external XML entity loading, which allows malicious SVG files to include references to externa...
CampCodes Sales and Inventory System code issue vulnerability
CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. A code issue vulnerability exists in version 1.0 of the CampCodes Sales and Inventory System, which stems from improper handling of the parameter Picture in the file /pages/product.php, which could lead to...
CVE-2025-4317
The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegemgetlogourl function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary...
CVE-2025-3917
The 百度站长SEO合集支持百度/神马/Bing/头条推送 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the downloadremoteimagetomedialibrary function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary...
PT-2025-21257 · WordPress · 百度站长Seo合集
Name of the Vulnerable Software and Affected Versions: 百度站长SEO合集 plugin for WordPress versions up to, and including, 2.0.6. Description: The issue is related to arbitrary file uploads due to missing file type validation in the download remote image to media library function. This allows...
CVE-2024-8988
The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to...
CVE-2024-8988 PeepSo Core: File Uploads <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download
The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to...
CVE-2024-8988
CVE-2024-8988 concerns PeepSo Core: File Uploads for WordPress. It allows an unauthenticated attacker to exploit an Insecure Direct Object Reference via the file_download REST endpoint due to missing validation on a user-controlled key, enabling download of files uploaded by other users. Affected...
WordPress plugin PeepSo Core File Uploads security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...