3575 matches found
PT-2025-1612
Name of the Vulnerable Software and Affected Versions: The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress versions up to, and including, 1.5.9. Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to...
Temporary File Retention
@fastify/multipart is vulnerable to Temporary File Retention. The vulnerability is due to the saveRequestFiles function failing to delete temporary uploaded files when a user cancels the request, which allows an attacker to repeatedly initiate and cancel file uploads, leading to excessive disk space...
PT-2025-2176
Name of the Vulnerable Software and Affected Versions: ThemeREX Addons plugin for WordPress versions up to, and including, 2.32.3. Description: The issue is related to arbitrary file uploads due to missing file type validation in the trx addons uploads save data function. This allows unauthenticated...
Brave Desktop Browser Vulnerability Lets Malicious Sites Appear Trusted
A critical vulnerability in Brave Browser allows malicious websites to appear as trusted sources during file uploads/downloads. Learn…...
image_gallery security vulnerability
imagegallery is an image gallery management system by the individual developer Md. Yamin Hossain of Bangladesh. A security vulnerability exists in version 1.0 of imagegallery, which stems from the mishandling of the image parameter by the Cover Image Handler component in the /admin/gallery.php...
CVE-2025-0357
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPBProfilecontroller::handleimageupload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
CVE-2025-0357
The CVE-2025-0357 entry concerns the WordPress WPBookit plugin (versions up to 1.6.9). The underlying issue is insufficient file type validation in the function WPB_Profile_controller::handle_image_upload, permitting unauthenticated arbitrary file uploads on affected sites and potentially enablin...
WordPress plugin WPBookit code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
InnoShop security vulnerability
InnoShop is an open source e-commerce system based on Laravel 11 by InnoShop Open Source. A security vulnerability exists in InnoShop V.0.3.8 and earlier versions, which stems from vulnerability to cross-site scripting (XSS) attacks via SVG file upload...
IBM Maximo Asset Management security vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
WordPress plugin Multi Uploader for Gravity Forms code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
WordPress plugin Barcode Scanner with Inventory & Order Manager code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
CVE-2024-8722
The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Exploit for CVE-2024-52380
CVE-2024-52380-Exploit Picsmize plugin for WordPress is vulner...
CVE-2024-13333
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fmalocalfilesystem' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above and upload...
Exploit for Improper Input Validation in Concretecms Concrete_Cms
CVE-2024-1247-PoC Post Saint = 1.3.1 plugin for WordPress...
CVE-2024-46668
An allocation of resources without limits or throttling vulnerability CWE-770 in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple...
CVE-2025-0394
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ghbigfileupload function in all versions up to, and including, 3.7.3.5. This makes it possible for...