CVE-2023-6316 MW WP Form <= 5.0.1 - Unauthenticated Arbitrary File Upload
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...
CVE-2023-6220 Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetformsajaxformbuilder' function in versions up to, and including, 1.0.28. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2023-6316
The MW WP Form WordPress plugin is affected up to version 5.0.1, with insufficient file-type validation in the _single_file_upload function allowing unauthenticated uploads of arbitrary files and potentially remote code execution. Public sources consistently identify this vulnerability in MW WP F...
CVE-2023-6636 Greenshift – animation and page builder blocks <= 7.6.2 - Authenticated (Administrator+) Arbitrary File Upload
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level...
CVE-2023-6636
The Greenshift – animation and page builder blocks plugin for WordPress (versions up to and including 7.6.2) is vulnerable to an arbitrary file upload due to missing file type validation in gspb_save_files. This requires authenticated access with Administrator privileges and could enable uploadin...
CVE-2023-6558 Export and Import Users and Customers <= 2.4.8 - Authenticated (Shop Manager+) Arbitrary File Upload
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'uploadimportfile' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level...
CVE-2023-6979 Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access...
CVE-2023-6979
CVE-2023-6979 affects the WordPress plugin “Customer Reviews for WooCommerce.” The issue stems from missing file type validation in the ivole_import_upload_csv AJAX action, affecting all versions up to and including 5.38.9. An authenticated attacker with author-level access could upload arbitrary...
CVE-2023-51252
PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and an online preview function is provided, PDF and HTML files containing malicious code can be uploaded, and an XSS popup window is triggered through online viewing...
pyload Security Vulnerabilities
pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. A security vulnerability exists in pyLoad version 0.5.0 that stems from vulnerability to unrestricted file uploads...
PT-2024-14851 · WordPress · Ni Purchase Order(Po) For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Ni Purchase Order(PO) For WooCommerce WordPress plugin versions 1.2.1 and earlier. Description: The issue allows high-privileged users to upload arbitrary files to the web server by not validating logo and signature image files uploaded in t...
PT-2024-3586 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: Suite CRM version 7.14.2. Description: The issue is related to a Local File Inclusion (LFI) vulnerability, which allows an attacker to include local PHP files. This can enable a remote attacker to run or open files on the web server without havi...
GHSA-G47J-3M2M-74QV Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5pq7-52mg-hr42. This link is maintained to preserve external references. Original Description: httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticate...
Code injection
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads, which could result in attacker-controlled filenames being written...
Piotnet Forms Plugin < 1.0.29 - Unauthenticated Arbitrary File Upload
Description: The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'piotnetformsajaxformbuilder' function, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible...
HCL Technologies DRYiCE MyXalytics Code Issue Vulnerability
HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics that stems from a web application that allows the upload of specific files without user authentication...
CVE-2023-51421
Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2...
PT-2023-32254 · WordPress · Wp Mail Log
Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3. Description: The issue allows attackers to upload PHP files due to improper validation of file extensions when uploading files to attach to emails, leading to remote code execution...
WordPress Plugin Drag and Drop Multiple File Upload for WooCommerce Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
Lightxun IPTV Gateway Code Issue Vulnerability
Lightxun IPTV Gateway is a gateway product from China Lightxun Technology Lightxun. A code issue vulnerability exists in Lightxun IPTV Gateway, which originates from some unknown processing in /ZHGXTV/index.php/admin/index/webuploadtemplate.html, which leads to unrestricted uploads via the...