CVE-2016-15042
The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible for unauthenticated...
CVE-2020-36842
CVE-2020-36842 — WPvivid WordPress plugin: The Migration, Backup, Staging WPvivid plugin is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions. This allows low-level authenticated attackers to upload zip...
CVE-2016-15042
The CVE-2016-15042 issue affects WordPress plugins Frontend File Manager (<4.0) and N-Media Post Front-end Form (
CVE-2024-8746
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mkfilefoldermanagershortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if grant...
CVE-2021-4449
The ZoomSounds WordPress plugin (versions up to and including 5.96) contains a file upload vulnerability in savepng.php due to missing file type validation. This allows unauthenticated attackers to upload arbitrary files on the vulnerable site’s server, with potential remote code execution. CVE-2...
WordPress plugin Migration, Backup, Staging – WPvivid Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Migration,...
WordPress plugin Azz Anonim Posting Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2024-33380
Name of the Vulnerable Software and Affected Versions: Shafiq Digital Lottery versions 3.0.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access to...
PT-2024-33399 · WordPress · Wordpress Gallery Plugin
Name of the Vulnerable Software and Affected Versions: Limb WordPress Gallery Plugin – Limb Image Gallery versions 1.5.7 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, allowing Code Injection in the Limb Image Gallery Plugin. This enables...
PT-2024-39062 · WordPress · File Manager Pro
Name of the Vulnerable Software and Affected Versions: File Manager Pro plugin for WordPress versions up to, and including, 8.3.9 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'mk file folder manager' ajax action. This allows...
CVE-2024-9904
CVE-2024-9904 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The flaw is in the function pictureUpload under /admin/File/pictureUpload, where manipulating the file argument enables unrestricted remote upload. Exploitation has been publicly disclosed; multiple sources corroborate th...
CVE-2024-9756
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoaaddattachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2024-9756
The Order Attachments for WooCommerce plugin (WordPress) is affected by CVE-2024-9756 due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0–2.4.1. This allows authenticated users with subscriber-level access and above to upload limited file types. Exploitation d...
CVE-2024-9656
The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
SUSE CVE-2024-47164
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the isinorequal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...
CVE-2024-9234
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the installandactivatepluginfromexternal function install-active-plugin REST API endpoint in all versions up to,...
CVE-2024-47872
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...
PYSEC-2024-220
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...
CVE-2024-47164
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the isinorequal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...
PYSEC-2024-213
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the isinorequal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...