3575 matches found

CNNVD
added 2024/10/29 12:00 a.m. · 4 views

WordPress plugin SurveyJS code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

CVSS 9.9 · AI score 6.9 · EPSS 0.01015
Exploits 1 · References 1

Positive Technologies
added 2024/10/29 12:00 a.m. · 5 views

PT-2024-34259 · Unknown · Woocommerce Product Design

Name of the Vulnerable Software and Affected Versions: WooCommerce Product Design versions prior to 1.0.0
Description: The issue allows for the unrestricted upload of files with dangerous types, potentially enabling an attacker to upload a web shell to a web server.
Recommendations: For versions...

CVSS 10 · AI score 7 · EPSS 0.01033
Exploits 1 · References 4

CNNVD
added 2024/10/29 12:00 a.m. · 2 views

ChuanhuChatGPT path traversal vulnerability

ChuanhuChatGPT is an application by the individual developer Chuan Hu. It provides a fast and easy-to-use web graphical interface and many additional features for various LLMs such as ChatGPT. A path traversal vulnerability exists in ChuanhuChatGPT, which stems from the presence of a path travers...

CVSS 9.8 · AI score 9.6 · EPSS 0.01521
Exploits 1 · References 2

Positive Technologies
added 2024/10/28 12:00 a.m. · 4 views

PT-2024-34273 · Widgilabs · Widgilabs Plugin Propagator

Name of the Vulnerable Software and Affected Versions: WidgiLabs Plugin Propagator versions 0.1 and earlier
Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized acces...

CVSS 10 · AI score 6.9 · EPSS 0.00501
Exploits 0 · References 7

Positive Technologies
added 2024/10/27 12:00 a.m. · 2 views

PT-2024-16257 · Sourcecodester · Sourcecodester Online Hotel Reservation System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Hotel Reservation System version 1.0
Description: A critical issue has been found in the function upload of the file /guest/update.php, where the manipulation of the image argument leads to unrestricted upload. This issu...

CVSS 9.8 · AI score 6.6 · EPSS 0.00507
Exploits 0 · References 8

NVD
added 2024/10/26 10:15 a.m. · 16 views

CVE-2024-9116

The Monkee-Boy Essentials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

CVSS 6.4 · EPSS 0.00347
Exploits 0 · References 2

NVD
added 2024/10/26 9:15 a.m. · 9 views

CVE-2024-9853

The ID-SK Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...

CVSS 6.4 · EPSS 0.00318
Exploits 0 · References 3

NVD
added 2024/10/26 9:15 a.m. · 14 views

CVE-2024-9642

The Editor Custom Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

CVSS 6.4 · EPSS 0.00333
Exploits 0 · References 5

NVD
added 2024/10/26 3:15 a.m. · 15 views

CVE-2024-9932

The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbtinsertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVSS 9.8 · EPSS 0.37815
Exploits 5 · References 3

NVD
added 2024/10/26 3:15 a.m. · 6 views

CVE-2024-9454

The PriPre plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

CVSS 6.4 · EPSS 0.00276
Exploits 0 · References 2

CVE
added 2024/10/26 2:31 a.m. · 38 views

CVE-2024-9454

CVE-2024-9454 (PriPre) is a Stored Cross-Site Scripting vulnerability in the PriPre WordPress plugin up to version 0.4.11, exploitable by authenticated users with Author-level access or higher via SVG file uploads. The issue stems from insufficient input sanitization and output escaping in the SV...

CVSS 6.4 · AI score 5.9 · EPSS 0.00276
Exploits 0 · References 2

CNNVD
added 2024/10/26 12:00 a.m. · 7 views

WordPress plugin Wux Blog Editor code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 9.8 · AI score 6.9 · EPSS 0.37815
Exploits 5 · References 2

CVE
added 2024/10/25 8:34 a.m. · 43 views

CVE-2024-10016

CVE-2024-10016 affects the File Upload Types by WPForms WordPress plugin. A stored XSS was reported via SVG file uploads in all versions

CVSS 6.4 · AI score 5.9 · EPSS 0.00373
Exploits 0 · References 4

OSV
added 2024/10/25 7:15 a.m. · 12 views

CVE-2024-10011

The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended...

CVSS 8.1 · AI score 6.6
Exploits 0 · References 5

CVE
added 2024/10/25 6:51 a.m. · 53 views

CVE-2024-10011

CVE-2024-10011 (BuddyPress

CVSS 8.1 · AI score 5.8 · EPSS 0.00914
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2024/10/25 6:51 a.m. · 23 views

CVE-2024-10011 BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal

The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended...

CVSS 8.1 · EPSS 0.00914
Exploits 0 · References 5

Positive Technologies
added 2024/10/25 12:00 a.m. · 2 views

PT-2024-15976 · Wpforms · File Upload Types

Name of the Vulnerable Software and Affected Versions: File Upload Types by WPForms plugin for WordPress versions up to, and including, 1.4.0
Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allo...

CVSS 6.4 · AI score 6 · EPSS 0.00373
Exploits 0 · References 7

NVD
added 2024/10/24 12:15 p.m. · 30 views

CVE-2024-8959

The WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · EPSS 0.00353
Exploits 0 · References 4

CVE
added 2024/10/24 11:34 a.m. · 44 views

CVE-2024-8959

CVE-2024-8959 - WP Adminify (WordPress Plugin) Affected: WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer (versions

CVSS 6.4 · AI score 5.9 · EPSS 0.00353
Exploits 0 · References 4

CNNVD
added 2024/10/23 12:00 a.m. · 2 views

WordPress plugin INK Official code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

CVSS 9.9 · AI score 6.7 · EPSS 0.00508
Exploits 0 · References 1