3575 matches found
CVE-2024-10960 Brizy – Page Builder <= 2.6.4 - Authenticated (Contributor+) Arbitrary File Upload via storeUploads
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2024-13365
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...
CVE-2024-13714
The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'getimagebyurl' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with...
CVE-2024-13714
CVE-2024-13714 affects The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress (versions up to 1.0.4). The root cause is missing file type validation in the _get_image_by_url function, allowing authenticated users with Subscriber+ privileges to upload arbitrary files to t...
PT-2025-6458
Name of the Vulnerable Software and Affected Versions: Security & Malware scan by CleanTalk plugin for WordPress versions up to, and including, 2.149 Description: The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and...
WordPress plugin Brizy Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Q-Free MAXTIME Suite Code Issue Vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A code issue vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from files uploaded without restrictions on dangerous types. An attacker could exploit the vulnerabili...
PT-2025-6732 · Learndash · Learndash
Name of the Vulnerable Software and Affected Versions: LearnDash version 6.7.1 Description: An issue in the profile image upload function of LearnDash allows attackers to cause a Denial of Service (DoS) via excessive file uploads. Recommendations: For LearnDash version 6.7.1, consider restricting...
CVE-2024-56940
An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads...
CVE-2024-10649
wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to multiple security issues including denial of service, stored XSS, and information disclosure. The...
CVE-2024-13011
CVE-2024-13011 applies to the WordPress plugin WP Foodbakery and is described as an unauthenticated, arbitrary file upload vulnerability stemming from insufficient validation in the upload_publisher_profile_image function for versions up to 4.7. The Wordfence entry explicitly notes the impact cou...
WordPress plugin WP Foodbakery Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
PT-2025-6083 · WordPress · Wp Foodbakery
Name of the Vulnerable Software and Affected Versions: WP Foodbakery plugin for WordPress versions up to and including 4.7 Description: The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the upload publisher profile image...
The vulnerability of the OTRS request processing system, related to incorrect handling of HTTP request headers, allows a hacker to upload arbitrary files.
The vulnerability of the OTRS request processing system is related to the improper handling of HTTP request headers due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to upload arbitrary files...
CVE-2025-24372
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could...
CVE-2021-4354
The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwpsplashscreenuploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites...
CVE-2021-4382
The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetchexternalimage function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server whic...
CVE-2021-4449
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may...
CVE-2025-0394
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ghbigfileupload function in all versions up to, and including, 3.7.3.5. This makes it possible for...
CVE-2025-0357
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPBProfilecontroller::handleimageupload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on t...