CVE-2024-1468 Avada | Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaximportoptions function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with...
CVE-2024-1468
The CVE-2024-1468 entry concerns the Avada WordPress theme (
CVE-2023-25921
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620...
IBM Security Guardium Code Issue Vulnerability
IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as customized UI, report management and streamlined audit process building. A code issue vulnerability exists in IBM Security...
PT-2024-18072 · WordPress · Avada
Name of the Vulnerable Software and Affected Versions: Avada | Website Builder For WordPress & WooCommerce theme for WordPress versions up to, and including, 7.11.4 Description: The issue is related to arbitrary file uploads due to missing file type validation in the ajax import options function...
CVE-2024-1710
The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
WordPress Plugin Icons Font Loader Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
PT-2024-18241 · WordPress · Addon Library
Name of the Vulnerable Software and Affected Versions: Addon Library plugin for WordPress versions up to, and including, 1.3.76 Description: The issue is related to a missing capability check on the onAjaxAction function action, allowing authenticated attackers with subscriber-level access and...
Brizy – Page Builder < 2.4.41 - Authenticated (Contributor+) Arbitrary File Upload
Description The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to...
IBM Trusteer Code Issue Vulnerability
IBM Trusteer is a suite of security solutions from International Business Machines IBM focused on providing security tools for cybercrime prevention and end-user protection. IBM Trusteer has a code issue vulnerability that stems from the presence of certain undisclosed issues that could allow fil...
GHSA-9W99-78RJ-HMXQ Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attack in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attack in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dynamic file upload feature. An attacker can modify the file names of the records being uploaded to the server, which could lead to the execution of malicious scripts. This vulnerability is present in...
CVE-2023-51447 Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads
Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the serve...
Exploit for Path Traversal in Gl-Inet Gl-Ax1800_Firmware
GL-AX1800 Router Security Assessment Report Overview This...
CVE-2024-23811
A vulnerability has been identified in SINEC NMS All versions V2.0 SP1. The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files that could potentially lead to remote code execution...