PT-2024-34303

Name of the Vulnerable Software and Affected Versions: Multi Purpose Mail Form versions n/a through 1.0.2 Description: The issue allows users to upload dangerous files, potentially leading to a web server compromise by uploading a web shell. This can happen due to an unrestricted upload of file...

PT-2024-34309 · Unknown · Rsvpmaker For Toastmasters

Name of the Vulnerable Software and Affected Versions: RSVPMaker for Toastmasters versions prior to 6.2.4 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This poses a risk of web server compromise...

PT-2024-16220 · WordPress · The Otter Blocks – Gutenberg Blocks

Name of the Vulnerable Software and Affected Versions: The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress versions up to, and including, 3.0.4 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to...

The vulnerability of the YouGile project management service lies in the lack of file upload restrictions, which allows a hacker to execute arbitrary code.

The vulnerability of the YouGile project management service lies in the lack of restrictions on file downloads. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2024-49674

Cross-Site Request Forgery CSRF vulnerability in lukashuser EKC Tournament Manager ekc-tournament-manager allows Upload a Web Shell to a Web Server.This issue affects EKC Tournament Manager: from n/a through = 2.2.1...

CVE-2024-9165

CVE-2024-9165 : Gift Cards (WooCommerce Supported) WordPress plugin contains a stored XSS via SVG file uploads in all versions

EUVD-2024-33082

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleimageupload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

WordPress plugin AI Power: Complete AI Pack 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVE-2024-9388

The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

PT-2024-34154

Name of the Vulnerable Software and Affected Versions: I, Librarian versions prior to 5.11.2 Description: The issue arises from a broken logic in handling Supplemental Files, allowing unsafe files with Javascript to be executed within the application context. An attacker can exploit this by...

CVE-2024-5982

A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the loadchathistory function in...

CVE-2024-5982

CVE-2024-5982 affects gaizhenbiao/chuanhuchatgpt. Vulnerabilities stem from unsanitized user input used with directory paths via os.path.join, impacting: load_chat_history (arbitrary file uploads potentially enabling RCE), get_history_names (arbitrary directory creation), and load_template (possi...

CVE-2024-9376

The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for...

PT-2024-34201 · WordPress · Surveyjs: Drag & Drop Wordpress Form Builder

Name of the Vulnerable Software and Affected Versions: SurveyJS: Drag & Drop WordPress Form Builder versions 1.9.136 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability. This means that the software may allow uploading files of dangero...

PT-2024-34261 · Unknown · Mahlamusa Multi Purpose Mail Form

Name of the Vulnerable Software and Affected Versions: Mahlamusa Multi Purpose Mail Form versions 1.0.2 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, potentially enabling an attacker to upload a web shell to a web server. Recommendations: For...

WordPress plugin aDirectory 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Ajar in5 Embed 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress plugin Multi Purpose Mail Form 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

WordPress plugin Automatic Translation 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

WordPress plugin Woocommerce Product Design 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...