WordPress plugin Verbalize WP 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

CVE-2024-10201

Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells...

PT-2024-33470 · Vivek Tamrakar · Wp Rest Api Fns

Name of the Vulnerable Software and Affected Versions: Vivek Tamrakar WP REST API FNS versions 1.0.0 and earlier Description: The issue allows attackers to upload harmful content, including web shells, to a web server due to an Unrestricted Upload of File with Dangerous Type vulnerability. This c...

CVE-2024-9674

The Debrandify · Remove or Replace WordPress Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-9674

CVE-2024-9674 relates to the Debrandify – Remove or Replace WordPress Branding plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via SVG file uploads in all versions up to 1.1.2, caused by insufficient input sanitization and output escaping. An attacker with Author-le...

CVE-2024-9848

The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

CVE-2024-9373

The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

CVE-2024-8916

The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

CVE-2024-8916

CVE-2024-8916 affects the WordPress plugin Suki Sites Import (WordPress). The vulnerability is a Stored Cross-Site Scripting (XSS) via SVG file uploads caused by insufficient input sanitization and output escaping. It applies to all versions up to and including 1.2.1. The attack requires authenti...

CVE-2024-9848

CVE-2024-9848 affects the WordPress plugin Product Customizer Light (versions up to and including 1.0.0). The vulnerability is a Stored Cross-Site Scripting (XSS) via SVG file uploads caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker wi...

CVE-2024-49398

The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code...

CVE-2024-8920

The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

PT-2024-33508 · Elvaco · M-Bus Metering Gateway Cme3100 +1

Name of the Vulnerable Software and Affected Versions: Product affected versions not specified Description: The issue concerns unrestricted file uploads, which may allow an attacker to remotely execute code. This can potentially lead to an attacker running code from a remote location...

PT-2024-39885 · WordPress · Product Customizer Light

Name of the Vulnerable Software and Affected Versions: Product Customizer Light plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

PT-2024-16025 · Comfyui · Comfyui

Name of the Vulnerable Software and Affected Versions: comfyanonymous/comfyui version 0.2.2 and possibly earlier Description: A stored cross-site scripting XSS issue exists, allowing an attacker to upload an HTML file with a malicious XSS payload via the "/api/upload/image" endpoint. The payload ...

CVE-2024-8921

The Zita Elementor Site Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

CVE-2024-9444

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

CVE-2024-9444

CVE-2024-9444 : The ElementsReady Addons for Elementor WordPress plugin is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to and including 6.4.3 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Author leve...

CVE-2020-36842

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvividuploadimportfiles and wpvividuploadfiles AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently...

CVE-2020-36842

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvividuploadimportfiles and wpvividuploadfiles AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently...