
3575 matches found

Vulnrichment
added 2024/12/24 9:21 a.m., 6 views

CVE-2024-12881 PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation

The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restore_version function in all versions up to, and including, 0.0.7. This makes it possible for authenticat...

CVSS 8.8, AI score 6.9, EPSS 0.00404
Exploits: 0, References: 2
CVE
added 2024/12/24 9:21 a.m., 46 views

CVE-2024-12881

The CVE affects PlugVersions – Easily rollback to previous versions of your plugins (WordPress plugin). Root cause: missing capability check in eos_plugin_reviews_restore_version() across all versions up to 0.0.7, enabling authenticated users with Subscriber+ privileges to create arbitrary files ...

CVSS 8.8, AI score 6.7, EPSS 0.00404
Exploits: 0, References: 2
Positive Technologies
added 2024/12/24 12:0 a.m., 3 views

PT-2024-17773 · WordPress · Plugversions

Name of the Vulnerable Software and Affected Versions: PlugVersions plugin for WordPress versions up to, and including, 0.0.7
Description: The issue is related to a missing capability check on the eos_plugin_reviews_restore_version function, allowing authenticated attackers with Subscriber-level...

CVSS 8.8, AI score 9.3, EPSS 0.00404
Exploits: 0, References: 10
NCSC
added 2024/12/23 11:43 a.m., 3 views

Vulnerabilities fixed in IBM Cognos Analytics

IBM fixed vulnerabilities in IBM Cognos Analytics. The vulnerability in IBM Cognos Analytics arises from improper validation of file extensions, allowing remote attackers to upload arbitrary files. This security issue can lead to the execution of malicious code on the affected system, posing a...

CVSS 9.8, AI score 7.4, EPSS 0.01073
Exploits: 0, References: 1
NVD
added 2024/12/20 7:15 a.m., 9 views

CVE-2024-9619

The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

CVSS 6.4, EPSS 0.00266
Exploits: 0, References: 2
CVE
added 2024/12/20 6:59 a.m., 50 views

CVE-2024-9619

CVE-2024-9619 affects the WP SHAPES WordPress plugin. The vulnerability is Stored Cross-Site Scripting via SVG file uploads in all versions up to 1.0.0, caused by insufficient input sanitization and output escaping. It requires authenticated access at Author level or higher to exploit. The connec...

CVSS 6.4, AI score 5.7, EPSS 0.00266
Exploits: 0, References: 2
Cvelist
added 2024/12/20 6:59 a.m., 24 views

CVE-2024-9619 WP SHAPES <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

CVSS 6.4, EPSS 0.00266
Exploits: 0, References: 2
Cvelist
added 2024/12/17 12:0 a.m., 13 views

CVE-2024-55513

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /uploadnetaction.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permission...

EPSS 0.00502
Exploits: 0, References: 1
NVD
added 2024/12/14 5:15 a.m., 8 views

CVE-2024-9698

The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'processuploadedfiles' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and...

CVSS 7.2, EPSS 0.01725
Exploits: 1, References: 2
NVD
added 2024/12/14 5:15 a.m., 16 views

CVE-2024-11095

The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

CVSS 6.4, EPSS 0.00287
Exploits: 0, References: 2
Cvelist
added 2024/12/14 4:23 a.m., 19 views

CVE-2024-11095 Visualmodo Elements <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

CVSS 6.4, EPSS 0.00287
Exploits: 0, References: 2
NVD
added 2024/12/13 10:15 a.m., 20 views

CVE-2024-9290

The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibkrestoremigratecheck function in all versions up to, and including, 2.3.3. This makes it possible for...

CVSS 9.8, EPSS 0.03549
Exploits: 2, References: 2
CNNVD
added 2024/12/13 12:0 a.m., 5 views

WordPress plugin Import Export For WooCommerce code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

CVSS 9.9, AI score 8.5, EPSS 0.01402
Exploits: 2, References: 1
CNNVD
added 2024/12/13 12:0 a.m., 1 view

WordPress plugin AR for WordPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 3.7, AI score 7.9, EPSS 0.00374
Exploits: 0, References: 3
Positive Technologies
added 2024/12/13 12:0 a.m., 6 views

PT-2024-36143 · Woocommerce · Import Export For Woocommerce

Name of the Vulnerable Software and Affected Versions: Import Export For WooCommerce versions 1.5 and earlier
Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation...

CVSS 9.9, AI score 6.9, EPSS 0.01402
Exploits: 2, References: 4
NVD
added 2024/12/12 5:15 a.m., 11 views

CVE-2024-10590

The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the adminupload function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...

CVSS 8.8, EPSS 0.00811
Exploits: 0, References: 2
OSV
added 2024/12/09 10:15 p.m., 1 view

CVE-2024-50625

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling privilege escalation when...

CVSS 8, AI score 5.8, EPSS 0.00309
Exploits: 0, References: 3
Vulnrichment
added 2024/12/09 12:0 a.m., 8 views

CVE-2024-12348 Guizhou Xiaoma Technology jpress Attachment Upload upload AttachmentUtils.isUnSafe cross site scripting

A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload of the component Attachment Upload Handler. The manipulation of the argument files leads to cross si...

CVSS 5.3, AI score 6, EPSS 0.0036
Exploits: 1, References: 4
Cvelist
added 2024/12/09 12:0 a.m., 17 views

CVE-2024-50625

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling privilege escalation when...

EPSS 0.00309
Exploits: 0, References: 3
Positive Technologies
added 2024/12/09 12:0 a.m., 3 views

PT-2024-34365 · Digi · Digi Connectport Lts

Name of the Vulnerable Software and Affected Versions: Digi ConnectPort LTS versions prior to 1.4.12
Description: A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests to API endpoints such as /file/upload. This can lead to arbitrary...

CVSS 8, AI score 7, EPSS 0.00309
Exploits: 0, References: 8