3575 matches found
CVE-2024-13622
The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the...
CVE-2024-13622 File Uploads Addon for WooCommerce <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the...
WordPress plugin File Uploads Addon for WooCommerce information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
WordPress File Uploads Addon for WooCommerce plugin <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin File Uploads Addon for WooCommerce versions <= 1.7.1...
Exploit for Unrestricted Upload of File with Dangerous Type in Fileorganizer
CVE-2024-7985-PoC FileOrganizer = 1.0.9 - Authenticated S...
CVE-2024-10322
The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-13365
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...
CVE-2024-13714
The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'getimagebyurl' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with...
CVE-2024-33529
ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types...
CVE-2025-24865
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password...
CVE-2024-56908
In Perfex Crm 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected uploadsalesfile endpoint. By providing malicious input in the relid parameter, combined with improper input validation, the attacker can bypass restrictions and upload arbitrary files to directorie...
PT-2025-7040 · Myscada · Myscada Mypro Manager
Name of the Vulnerable Software and Affected Versions: mySCADA myPRO Manager, affected versions not specified. Description: The administrative web interface of mySCADA myPRO Manager can be accessed without authentication, which could allow an unauthorized attacker to retrieve sensitive information...
CVE-2024-56940
An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads...
CVE-2024-10649
wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to multiple security issues including denial of service, stored XSS, and information disclosure. The...
CVE-2024-13011
The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'uploadpublisherprofileimage' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affect...
CVE-2024-10322
Brizy – Page Builder for WordPress is affected by CVE-2024-10322: a Stored Cross-Site Scripting vulnerability via REST API SVG file uploads in all versions up to 2.6.8. The root cause is insufficient input sanitization and output escaping, enabling authenticated attackers with Author-level access...
CVE-2024-10960
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to...