3575 matches found
[20250301] - Core - Malicious file uploads via Media Manager
Joomla! CMS versions 4.0.0-4.4.11, 5.0.0-5.2.4...
CVE-2024-13869
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...
CVE-2024-56897
Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset...
CVE-2024-10222
The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...
CVE-2024-13379
The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
SourceCodester Best Employee Management System code issue vulnerability
SourceCodester Best Employee Management System is a SourceCodester open source employee management system. A code issue vulnerability exists in SourceCodester Best Employee Management System version 1.0, which stems from a lack of restrictions in the upload process, resulting in arbitrary file...
SourceCodester E-Learning System code issue vulnerability
SourceCodester E-Learning System is a SourceCodester open source e-learning system. A code issue vulnerability exists in SourceCodester E-Learning System version 1.0, which stems from allowing unlimited file uploads...
EUVD-2025-4422
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadfiles' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with...
CVE-2024-10222
CVE-2024-10222 affects the WordPress SVG Support plugin (versions up to 2.5.10). Root cause: insufficient input sanitization and output escaping for SVG uploads, enabling Stored XSS. Impact: authenticated attackers with Author-level access (potentially extended to Authors) can inject arbitrary sc...
CVE-2024-13379
CVE-2024-13379 affects the C9 Admin Dashboard WordPress plugin (versions
PT-2025-7320 · WordPress · Svg Support Plugin
Name of the Vulnerable Software and Affected Versions: SVG Support plugin for WordPress versions up to and including 2.5.10. Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...
Education and Training System code issue vulnerability
Education and Training System is an education and training system by the individual developer hzmanyun. A code issue exists in Education and Training System version 3.1.1, which stems from a lack of restrictions in the upload process, resulting in arbitrary file uploads...
CVE-2025-0817
The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2024-13622
The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the...
CVE-2025-0817 FormCraft - Premium WordPress Form Builder <= 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2025-0817
CVE-2025-0817 affects the FormCraft plugin for WordPress and is a Stored Cross-Site Scripting vulnerability via SVG file uploads. Root cause: insufficient input sanitization and output escaping for SVG uploads in all versions up to 3.9.11. Impact: unauthenticated attackers can inject web ...