3575 matches found
CVE-2024-8538 Big File Uploads <= 2.1.2 - Authenticated (Author+) Full Path Disclosure
The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due to the plugin not sanitizing a file path in an error message. This makes it possible for authenticated attackers, with...
CVE-2024-8538
CVE-2024-8538 affects the WordPress plugin Big File Uploads – Increase Maximum File Upload Size (versions
PT-2024-38457 · WordPress · Customizer Export/Import
Name of the Vulnerable Software and Affected Versions: Customizer Export/Import plugin for WordPress versions up to, and including, 0.9.7 Description: The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import...
WordPress plugin Ninja Forms - File Uploads Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an add-on application for the platform. A cross-site scripting...
WordPress plugin Big File Uploads Information Disclosure Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an add-on application for the platform. An information disclosure...
za-internet C-MOR Video Surveillance Security Vulnerability
za-internet C-MOR Video Surveillance is a network video surveillance system from the German company za-internet. A security vulnerability exists in za-internet C-MOR Video Surveillance version 5.2401, which stems from improper input validation and results in unrestricted file uploads...
CVE-2024-8046
CVE-2024-8046 affects the WordPress plugin Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid . The vulnerability is a Stored Cross-Site Scripting (XSS) via SVG file uploads in all versions up to 1.4.1, caused by insufficient input sanitization and output escaping. It can be exploite...
PT-2024-37532 · WordPress · Funnelforms Free
Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.7.3.2 Description: The issue is related to arbitrary file uploads due to missing file type validation in the af2 add font function. This allows authenticated attackers wit...
SourceCodester Zipped Folder Manager App Code Issue Vulnerability
SourceCodester Zipped Folder Manager App is an open source zipped folder manager application from SourceCodester. A code issue vulnerability exists in version 1.0 of the SourceCodester Zipped Folder Manager App that stems from improper handling of the parameter folder, resulting in unrestricted...
CVE-2024-7559 File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload
The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mkfilefoldermanager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-6870
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rluploadimage AJAX endpoint. This makes it possible for...
CVE-2024-7778
CVE-2024-7778 affects Orbit Fox by ThemeIsle for WordPress. It is a Stored XSS via SVG file uploads in all versions up to and including 2.10.36 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Author level or higher, and injected scripts ex...
CVE-2024-7384
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible fo...
CVE-2024-7384
CVE-2024-7384 affects AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress. All versions up to 9.7.2 are vulnerable due to missing file type validation in the acym_extractArchive function, allowing authenticated attackers with Subscriber-level access and abov...
EUVD-2024-48320
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible fo...
WordPress plugin AcyMailing Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an add-on application for the platform. A security vulnerability...
Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031
The Opigno TinCan Question Type module is related to the Opigno LMS distribution. The module adds a new question type for the Quiz module. With this new question type, you can import TinCan packages into your Drupal instance and use them as questions. Uploaded files were not sufficiently...
CVE-2024-7775
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...
CVE-2022-1206
The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotateinsertmedia function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attacker...
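One implementation of the file type validation, extension sanitization and filename handling that the entries above (File Manager Pro, AcyMailing, AdRotate, and the SVG stored-XSS entries for Orbit Fox and Logo Showcase Ultimate) report as missing, as an added example in plain PHP. This is not code from any of those plugins or from WordPress; validate_upload(), stored_name(), the allowlist contents and the sample files are this example's own choices. In a WordPress plugin the same checks would sit behind current_user_can('upload_files') and a nonce check, with the extension/MIME test delegated to wp_check_filetype_and_ext().

```php
<?php
// Added example (not code from any plugin listed above): the server-side checks
// whose absence the advisories describe, in plain PHP so it runs stand-alone.
// validate_upload(), stored_name() and the allowlist contents are this example's own.
declare(strict_types=1);

// Allowlist of extension => acceptable leading byte signatures. SVG is left out
// on purpose: it is XML that may carry <script>, so admitting it as an "image"
// is exactly the stored-XSS pattern in the SVG entries above.
const ALLOWED_SIGNATURES = [
    'png'  => ["\x89PNG\r\n\x1a\n"],
    'jpg'  => ["\xFF\xD8\xFF"],
    'jpeg' => ["\xFF\xD8\xFF"],
    'gif'  => ["GIF87a", "GIF89a"],
    'pdf'  => ["%PDF-"],
];

/**
 * Decide whether an upload may be stored. Returns [bool $ok, string $reason].
 * The reason is safe to echo back to the client: it never contains a server path.
 */
function validate_upload(string $client_name, string $body): array
{
    // The client-supplied name is data, never a path: refuse separators and NUL.
    if (strpbrk($client_name, "/\\\0") !== false) {
        return [false, 'filename contains path characters'];
    }
    // Judge by the last extension only, and refuse stacked ones outright
    // ("shell.php.png"): Apache with AddHandler for .php still executes those.
    if (substr_count($client_name, '.') !== 1) {
        return [false, 'filename must have exactly one extension'];
    }
    $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_SIGNATURES[$ext])) {
        return [false, "extension .$ext is not allowed"];
    }
    // The extension says what the file claims to be; the first bytes must agree.
    $matched = false;
    foreach (ALLOWED_SIGNATURES[$ext] as $sig) {
        if (strncmp($body, $sig, strlen($sig)) === 0) {
            $matched = true;
            break;
        }
    }
    if (!$matched) {
        return [false, "content is not a valid .$ext file"];
    }
    // Polyglots such as "GIF89a<?php ... ?>" pass the signature check, so scan
    // the whole body for PHP open tags before trusting it.
    if (stripos($body, '<?php') !== false || strpos($body, '<?=') !== false) {
        return [false, 'embedded PHP code'];
    }
    return [true, 'ok'];
}

/**
 * Name the file on disk from randomness plus the vetted extension, so nothing
 * the client sent reaches the filesystem, the URL or an error message.
 */
function stored_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples, not real uploads.
$samples = [
    ['avatar.png',      "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16)],
    ['logo.svg',        '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'],
    ['shell.php',       '<?php system($_GET["c"]); ?>'],
    ['shell.php.png',   "\x89PNG\r\n\x1a\n<?php echo 1; ?>"],
    ['cute.gif',        'GIF89a<?php phpinfo(); ?>'],
    ['fake.jpg',        "\x89PNG\r\n\x1a\n"],
    ['../../etc/x.png', "\x89PNG\r\n\x1a\n"],
];

if (PHP_SAPI === 'cli') {
    foreach ($samples as [$name, $body]) {
        [$ok, $why] = validate_upload($name, $body);
        printf("%-18s %s: %s\n", $name, $ok ? 'ACCEPT' : 'REJECT', $why);
        if ($ok) {
            printf("%-18s stored as %s\n", '', stored_name(pathinfo($name, PATHINFO_EXTENSION)));
        }
    }
}
```

Run from the CLI it prints one ACCEPT/REJECT line per sample; only avatar.png is accepted, and the SVG, the bare PHP file, the stacked extension, the GIF/PHP polyglot, the mislabelled JPEG and the traversal name are each refused for a stated reason. The rejection text deliberately never includes a server path, which is the Big File Uploads full-path-disclosure entry above in reverse, and the on-disk name is random rather than derived from the client's filename.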