3575 matches found
CVE-2025-4403
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user‐supplied supportedtype string and the uploaded filename without enforcing real extension or MIME checks within th...
CVE-2025-3455
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'startrestore' function in all versions up to, and including, 2.2. This makes it possible for authenticated...
CVE-2024-11617
The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetralanguageUpload' and 'zetrafontsUpload' functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary fil...
WordPress plugin Envolve Plugin code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
WordPress plugin 1 Click WordPress Migration Plugin code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
The vulnerability of the IBM Maximo Application Suite, a platform for managing corporate assets based on artificial intelligence, relates to the unlimited download of dangerous files. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the IBM Maximo Application Suite, a platform for managing corporate assets based on artificial intelligence, lies in its ability to allow unlimited uploading of sensitive files. Exploiting this vulnerability could enable an attacker operating remotely to gain unauthorized...
CVE-2025-4279
The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'externalimagereplacegetposts::replacepost' function in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with...
CVE-2025-47549
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10...
Remote Code Execution (RCE)
yeswiki/yeswiki is vulnerable to Remote Code Execution (RCE). The vulnerability is due to arbitrary file write, which allows attackers to upload PHP files that can be executed on the server...
ssm-erp security vulnerability
ssm-erp is a production management ERP system by individual developer fenghaha. A security vulnerability exists in ssm-erp 0.0.1 and earlier versions, which stems from the mishandling of the parameter uploadFile by the function uploadFile, which could lead to arbitrary file uploads...
itsourcecode Content Management System security vulnerability
itsourcecode Content Management System is an open source content management system from itsourcecode. A security vulnerability exists in version 1.0 of itsourcecode Content Management System, which originates from an improper operation of the parameter Cover Image in the file /admin/addtopic.php,...
PT-2025-19928 · Unknown · Production Ssm +1
Name of the Vulnerable Software and Affected Versions: feng ha ha/megagao ssm-erp and production ssm version 0.0.1 Description: A critical issue affects the uploadFile function in the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the uploadFi...
WordPress plugin External image replace code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
newbee-mall code issue vulnerability
newbee-mall is a newbee open source e-commerce system. A code issue vulnerability exists in version 1.0 of newbee-mall, which stems from improper handling of the parameter File in the file ltd/newbee/mall/controller/common/UploadController.java, which could lead to arbitrary file uploads...
OutSystems Multiple File Upload security vulnerability
OutSystems Multiple File Upload is a native multiple file upload component for the OutSystems platform from OutSystems, Inc. A security vulnerability exists in OutSystems Multiple File Upload versions prior to 3.1.0 that stems from insufficient client-side authentication and could result in the uploa...
CVE-2024-13418
Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that c...
CVE-2024-13418
CVE-2024-13418 is tied to WordPress ecosystems where multiple plugins/themes (notably the Smart Framework family: Benaa, April, Beyot, Auteur; and related plugins) expose an Arbitrary File Upload vulnerability via a missing capability check in ajaxUploadFonts(). The issue allows authenticated att...
CVE-2025-1305
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...