The vulnerability of the Firmware Upload Handler component of the Siemens RUGGEDCOM CROSSBOW secure access control system allows a perpetrator to upload arbitrary files and execute arbitrary code.
The vulnerability of the Firmware Upload Handler component of the Siemens RUGGEDCOM CROSSBOW access control system is related to incorrect external manipulation of file names or files. Exploiting this vulnerability allows a malicious actor to upload arbitrary files and execute arbitrary code...
CVE-2024-6896
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-6756
The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpwautopostergetimagepath' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above...
CVE-2024-6828
CVE-2024-6828 (Redux Framework, WordPress): The Redux Framework plugin versions 4.4.12–4.4.17 are vulnerable to unauthenticated JSON file uploads due to missing authorization/capability checks in the Redux_Color_Scheme_Import function, enabling stored XSS and, in rare cases when wp_filesystem fai...
CVE-2024-6848
CVE-2024-6848 affects the WordPress plugin “Post and Page Builder by BoldGrid – Visual Drag and Drop Editor” up to version 1.26.6. The issue is Stored Cross-Site Scripting via file uploads, caused by insufficient input sanitization and output escaping on the boldgrid_canvas_image AJAX endpoint. A...
CVE-2024-3242
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with...
PT-2024-24556 · WordPress · Brizy
Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.43 Brizy – Page Builder plugin for WordPress version 2.4.44 Description: The issue is related to arbitrary file uploads due to missing file extension validation in t...
CVE-2024-20296
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected...
CVE-2024-6220
The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
VulnCheck KEV: CVE-2024-6220
The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
The vulnerability of the Upload Data module in the Splunk Web interface of the Splunk Enterprise operational analytics platform allows a hacker to write arbitrary files.
The vulnerability of the Upload Data module in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the unlimited uploading of dangerous types of files. Exploiting this vulnerability allows a malicious actor to upload any type of file...
[SECURITY] Fedora 39 Update: python-urllib3-1.26.19-1.fc39
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding...
WordPress plugin Realtyna Organic IDX plugin Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2024-28180 · Realtyna · Realtyna Organic Idx Plugin
Name of the Vulnerable Software and Affected Versions: Realtyna Organic IDX plugin versions n/a through 4.14.13 Description: The issue affects the Realtyna Organic IDX plugin, allowing for the unrestricted upload of files with dangerous types, which can lead to code injection. Recommendations: Fo...
CVE-2023-7061
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make...
CVE-2023-7061
CVE-2023-7061 affects the Advanced File Manager Shortcodes plugin for WordPress. The vulnerability allows authenticated attackers with contributor-level access or higher to upload arbitrary files, which may lead to remote code execution on the affected site. Wordfence reports the issue as patched...
CVE-2024-6314
The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'processimageupload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2024-6313
The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads because users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...