PT-2024-35165 · Unknown · Common-User-Management
Name of the Vulnerable Software and Affected Versions: common-user-management (affected versions not specified). Description: The issue concerns a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture, which allows file uploads without proper validation or...
WordPress plugin Picsmize code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
CVE-2024-10820
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...
CVE-2024-10820
CVE-2024-10820 : The WooCommerce Upload Files plugin for WordPress (versions ≤ 84.3) is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in upload_files(). This could allow an attacker to upload arbitrary files to the server and may enable remote code execu...
CVE-2024-9426
The Aqua SVG Sprite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and abov...
CVE-2024-10323
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...
CVE-2024-10323
JetWidgets For Elementor (WordPress) is affected by a Stored XSS via REST API SVG File Upload in all versions up to 1.0.18. Root cause: insufficient input sanitization and output escaping. Exploitation requires Author-level access or higher and can inject scripts that run when the SVG is viewed. ...
CVE-2024-10790
CVE-2024-10790 affects the WordPress plugin Admin and Site Enhancements (ASE) up to version 7.5.1. It allows a Stored Cross-Site Scripting (XSS) via SVG file uploads due to insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with custom-level acce...
CVE-2024-10790 Admin and Site Enhancements (ASE) <= 7.5.1 - Authenticated Stored Cross-Site Scripting via SVG
The Admin and Site Enhancements ASE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with custom-level...
Siemens SINEC INS path traversal vulnerability
Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. A path traversal vulnerability exists in Siemens SINEC INS, which stems from not properly clearing user-supplied paths for sftp-based file uploads and downloads, and can be...
ALSA-2024:9457 Moderate: python3.12-urllib3 security update
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding. • Helpers for retrying request...
WordPress plugin Audio Record code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
PT-2024-34918
Name of the Vulnerable Software and Affected Versions: Made I.T. Forms, versions from n/a through 2.8.0. Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can lead to remote code execution (RCE). The...
CVE-2024-10801
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on...
CVE-2024-10547
The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2024-10547
CVE-2024-10547 (WP Membership, WordPress) is documented with concrete details: the WP Membership plugin (all versions up to and including 1.6.2) is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in user_profile_image_upload(). This can allow an attacker t...
CVE-2024-10627
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary fil...
CVE-2024-8960
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-8960
CVE-2024-8960: Cowidgets – Elementor Addons for WordPress suffers Stored Cross-Site Scripting via SVG uploads in all versions