CVE-2024-5567
Betheme (WordPress theme)
CVE-2024-7863
The Favicon Generator CLOSED WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make a logged-in admin upload arbitrary files such as PHP on the server...
PT-2024-38909 · Xcc · Xcc
Name of the Vulnerable Software and Affected Versions: XCC (affected versions not specified). Description: A privilege escalation issue was discovered that could allow a valid, authenticated user with elevated privileges to perform command injection via specially crafted file uploads. This can enabl...
CVE-2024-7961
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution...
SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP BigUp Plugin Unauthenticated RCE', 'Description' = %q This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP...
SPIP BigUp Plugin Unauthenticated RCE
This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart form data in...
PT-2024-10211 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS 6.4.0 through 6.4.15; 7.0.0 through 7.0.15; 7.2.0 through 7.2.8; 7.4.0 through 7.4.4. Description: The issue is related to an allocation of resources without limits or throttling...
CVE-2024-7770
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated...
WordPress Ninja Forms File Uploads plugin <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via File Upload vulnerability
Unauthenticated Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Ninja Forms File Uploads Extension versions <= 3.3.16...
WordPress Big File Uploads plugin <= 2.1.2 - Authenticated (Author+) Full Path Disclosure vulnerability
Authenticated (Author+) Full Path Disclosure vulnerability discovered by netc4t in WordPress Plugin Big File Uploads versions <= 2.1.2...
WordPress Ninja Forms File Uploads Extension Plugin <= 3.3.16 is vulnerable to Cross Site Scripting (XSS)
Software: Ninja Forms File Uploads Extension. Type: Plugin. Vulnerable versions: <= 3.3.16. Fixed in: 3.3.18. OWASP Top 10: A7 Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-1596. Patch priority: Medium. CVSS severity: Medium (7.1). PSID: 261b89d2f6fa. Credi...
WordPress Big File Uploads Plugin <= 2.1.2 is vulnerable to Full Path Disclosure (FPD)
Software: Big File Uploads. Type: Plugin. Vulnerable versions: <= 2.1.2. Fixed in: 2.1.3. OWASP Top 10: A3 Sensitive Data Exposure. Classification: Full Path Disclosure (FPD). CVE: CVE-2024-8538. Patch priority: Low. CVSS severity: Low (4.3). PSID: 7d70a0318727. Credits: netc4t. Required privileg...
CVE-2024-7620
The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
CVE-2024-1596
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file e.g. RTX file in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2024-1596 Ninja Forms File Uploads <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via File Upload
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file e.g. RTX file in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2024-1596
Summary of CVE-2024-1596 (Ninja Forms - File Uploads, WordPress) Root cause: Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the Ninja Forms - File Uploads plugin for WordPress. Affected versions: all up to and including 3.3.16. Impact: unauthenticated at...
CVE-2024-8538
The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due to the plugin not sanitizing a file path in an error message. This makes it possible for authenticated attackers, with...
CVE-2024-6849
The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2024-6849
The CVE-2024-6849 entry concerns the WordPress plugin Preloader Plus – WordPress Loading Screen Plugin, affected in all versions up to and including 2.2.1. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping during SVG file u...