3575 matches found

RedhatCVE
added 2025/03/14 7:53 p.m. · 16 views

CVE-2024-13498

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This make...

CVSS 5.3 · AI score 6.7 · EPSS 0.00357
Exploits: 0 · References: 1

NVD
added 2025/03/12 6:15 a.m. · 6 views

CVE-2024-13498

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This make...

CVSS 5.3 · EPSS 0.00357
Exploits: 0 · References: 2

Vulnrichment
added 2025/03/12 5:22 a.m. · 5 views

CVE-2024-13498 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This make...

CVSS 5.3 · AI score 5.2 · EPSS 0.00357
Exploits: 0 · References: 2

Cvelist
added 2025/03/12 5:22 a.m. · 11 views

CVE-2024-13498 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This make...

CVSS 5.3 · EPSS 0.00357
Exploits: 0 · References: 2

Cvelist
added 2025/03/12 12:00 a.m. · 12 views

CVE-2025-2216 zzskzy Warehouse Refinement Management System SaveCrash.ashx UploadCrash unrestricted upload

A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function UploadCrash of the file /crash/log/SaveCrash.ashx. The manipulation of the argument file leads to unrestricted upload. The attack may be...

CVSS 6.5 · EPSS 0.00686
Exploits: 1 · References: 4

Cvelist
added 2025/03/11 4:07 p.m. · 11 views

CVE-2025-22213 [20250301] - Core - Malicious file uploads via Media Manager

Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions...

CVSS 7.1 · EPSS 0.00453
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/11 3:40 a.m. · 103 views

CVE-2025-24813

A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...

CVSS 8.6 · AI score 7.5 · EPSS 0.99945
Exploits: 45 · References: 5

CNNVD
added 2025/03/11 12:00 a.m. · 11 views

WordPress plugin ThemeEgg ToolKit code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 9.1 · AI score 8.9 · EPSS 0.01188
Exploits: 3 · References: 3

OSV
added 2025/03/10 6:31 p.m. · 1 view

GHSA-83QJ-6FR2-VHQG Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

CVSS 9.8 · AI score 7.3 · EPSS 0.99945
Exploits: 45 · References: 15

RedhatCVE
added 2025/03/10 9:31 a.m. · 10 views

CVE-2024-13359

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the addproductinputfieldstoorderitemmeta function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated attackers...

CVSS 9.8 · AI score 9.3 · EPSS 0.0084
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/09 9:31 a.m. · 7 views

CVE-2024-13805

The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. This makes it...

CVSS 6.4 · AI score 5.7 · EPSS 0.00247
Exploits: 0 · References: 1

OSV
added 2025/03/08 10:15 a.m. · 1 view

CVE-2024-13359

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the addproductinputfieldstoorderitemmeta function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated attackers...

CVSS 9.8 · AI score 7.9 · EPSS 0.0084
Exploits: 0 · References: 4

NVD
added 2025/03/08 10:15 a.m. · 10 views

CVE-2024-13359

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the addproductinputfieldstoorderitemmeta function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated attackers...

CVSS 9.8 · EPSS 0.0084
Exploits: 0 · References: 4

NVD
added 2025/03/08 9:15 a.m. · 14 views

CVE-2024-13882

The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomaticgeneratefeaturedimage' function in all versions up to, and including, 2.3.8. This makes...

CVSS 8.8 · EPSS 0.00678
Exploits: 0 · References: 2

CVE
added 2025/03/08 8:22 a.m. · 67 views

CVE-2024-13882

The CVE-2024-13882 entry for Aiomatic (WordPress plugin) is supported by multiple connected sources indicating a concrete vulnerability: arbitrary file uploads due to missing file-type validation in aiomatic_generate_featured_image in all versions up to 2.3.8, exploitable by authenticated users w...

CVSS 8.8 · AI score 8.9 · EPSS 0.00678
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2025/03/08 7:15 a.m. · 1 view

CVE-2024-13908

The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveoptions' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

CVSS 7.2 · AI score 6.4 · EPSS 0.00773
Exploits: 0 · References: 3

CVE
added 2025/03/08 7:04 a.m. · 65 views

CVE-2024-13908

CVE-2024-13908 pertains to the WordPress plugin SMTP by BestWebSoft, where arbitrary file uploads are possible due to missing file type validation in the save_options function across versions up to 1.1.9. The vulnerability requires authenticated Administrator+-level access to exploit and may enab...

CVSS 7.2 · AI score 7.3 · EPSS 0.00773
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2025/03/08 12:00 a.m. · 4 views

WordPress plugin Product Input Fields for WooCommerce code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVSS 9.8 · AI score 9.2 · EPSS 0.0084
Exploits: 0 · References: 6

Positive Technologies
added 2025/03/08 12:00 a.m. · 3 views

PT-2025-10421 · WordPress · The Aiomatic

Name of the Vulnerable Software and Affected Versions: The Aiomatic - Automatic AI Content Writer & Editor plugin for WordPress versions up to, and including, 2.3.8
Description: The issue is related to arbitrary file uploads due to missing file type validation in the aiomatic generate featured...

CVSS 8.8 · AI score 9.6 · EPSS 0.00678
Exploits: 0 · References: 13

CVE
added 2025/03/07 9:21 a.m. · 49 views

CVE-2024-13805

CVE-2024-13805 concerns the Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin for WordPress. It is reported as vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to and including 5.2.14 due to insufficient input sanitization and out...

CVSS 6.4 · AI score 5.9 · EPSS 0.00247
Exploits: 0 · References: 3 · Affected Software: 1