3575 matches found
CVE-2024-1069 Contact Form Entries <= 1.3.2 - Authenticated (Administrator+) Arbitrary File Upload
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...
CVE-2024-1069
CVE-2024-1069 affects the WordPress plugin “Contact Form Entries.” Versions up to and including 1.3.2 are vulnerable to arbitrary file uploads through insufficient validation in the view_page function. Authenticated attackers with administrator-level capabilities (or higher) can upload arbitrary ...
openBI Code Issues Vulnerabilities
openBI is a big data visualization solution from openBI. A code issue vulnerability exists in openBI versions prior to 1.0.8. It stems from a flaw in the index function of the /application/plugins/controller/Upload.php file and could lead to unrestricted file uploads...
CVE-2024-23822 Thruk Incorrect limitation of a pathname to a restricted directory (Path Traversal) (CWE-22)
Thruk is a multi-backend monitoring web interface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as...
CVE-2024-23659
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js...
CVE-2023-40051
This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...
EditorsKit < 1.40.4 - Authenticated (Administrator+) Arbitrary File Upload
The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, t...
Progress Software OpenEdge Code Issue Vulnerability
Progress Software OpenEdge is a suite of integrated development environments (IDEs) from the US-based Progress Software. A security vulnerability exists in Progress Software OpenEdge version 11.7 through 11.7.18 and version 12.2 through 12.2.13. An attacker could exploit this vulnerability to...
Order Export & Order Import for WooCommerce < 2.4.4 - Shop Manager+ Arbitrary File Upload
The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the upload_import_file function in all versions up to, and including, 2.4.3. This makes it possible for authenticated attackers, with shop manager-level access and above, to upload arbitrary files ...
CVE-2022-1538
Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILE_MODS and FILE_EDIT are disallowed...
CVE-2023-6979
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access...
CVE-2023-6636
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level...
CVE-2023-6316
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...
CVE-2023-6220
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2023-6220
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.28. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
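Nearly every WordPress entry above shares one root cause: an upload handler that trusts the client-supplied file name or MIME type and writes the file into a web-served directory, so a .php payload executes on the next request. The sketch below is an added example and not code from any plugin listed here; it places that vulnerable pattern beside a hardened handler built on WordPress's own upload API. The form field name 'import_file', the nonce action 'demo_import', the 'manage_options' capability and the CSV/JSON allow-list are assumptions for illustration.

```php
<?php
// Added example, not taken from any plugin listed above. The field name
// 'import_file', nonce action 'demo_import', capability 'manage_options' and
// the CSV/JSON allow-list are assumptions for illustration.
require_once ABSPATH . 'wp-admin/includes/file.php';

// VULNERABLE pattern (the one the advisories describe): the client controls
// the extension and therefore the destination name; 'shell.php' lands in a
// web-served directory and runs as PHP on the next HTTP request.
function demo_vulnerable_import() {
    $file = $_FILES['import_file'];
    $dest = WP_CONTENT_DIR . '/uploads/imports/' . $file['name'];
    move_uploaded_file( $file['tmp_name'], $dest );
}

// HARDENED handler: capability and nonce checks, a strict extension/MIME
// allow-list enforced by WordPress, a content sniff for embedded PHP, and a
// server-chosen, sanitized file name inside the uploads directory.
function demo_hardened_import() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'demo_import' );

    $file = isset( $_FILES['import_file'] ) ? $_FILES['import_file'] : null;
    if ( ! $file || UPLOAD_ERR_OK !== $file['error'] || ! is_uploaded_file( $file['tmp_name'] ) ) {
        wp_die( 'No valid upload.', '', array( 'response' => 400 ) );
    }

    // Only these extension => MIME pairs are accepted, regardless of the
    // Content-Type the browser sent or the name the client chose.
    $allowed = array(
        'csv'  => 'text/csv',
        'json' => 'application/json',
    );

    // Content sniff: WordPress inspects file content thoroughly only for
    // images, so reject anything whose first bytes contain a PHP open tag
    // even if the extension would pass the allow-list.
    $head = file_get_contents( $file['tmp_name'], false, null, 0, 4096 );
    if ( false === $head || false !== stripos( $head, '<?php' ) || false !== strpos( $head, '<?=' ) ) {
        wp_die( 'Rejected: file content is not an allowed import format.', '', array( 'response' => 415 ) );
    }

    // Extension check against the allow-list; 'ext' and 'type' come back
    // empty for anything not in $allowed (including .php and .phtml).
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'Rejected: only .csv or .json imports are accepted.', '', array( 'response' => 415 ) );
    }

    // wp_handle_upload() repeats the type check with the same allow-list,
    // runs sanitize_file_name() (which also neutralizes double extensions
    // such as 'data.php.csv'), makes the name unique and moves the file into
    // the uploads directory. The caller never picks the destination path.
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
    }
    return $result['file'];
}

// Wire the hardened handler to an admin-post action (action name assumed).
add_action( 'admin_post_demo_import', 'demo_hardened_import' );
```

Two caveats a reviewer would raise against the hardened version as well. First, an allow-list is only as good as the server configuration: if the web server is configured to hand anything under wp-content/uploads to PHP, even a correctly validated .csv named data.php_.csv is one misconfiguration away from execution, so disabling script execution in the uploads directory at the web-server level is the complementary control. Second, as the Theme Demo Import entry above notes, administrator-only upload bugs still matter when FILE_MODS and FILE_EDIT are disallowed, in multisite, or wherever the administrator role is deliberately denied code execution; "Administrator+" in these titles is a privilege boundary, not a non-issue.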