CVE-2020-36705 Adning Advertising <= 1.5.5 - Arbitrary File Upload

The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ninguploadimage function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...

CVE-2020-36705

CVE-2020-36705 affects the WordPress Adning Advertising plugin up to version 1.5.5. The vulnerability stems from missing file-type validation in the internal _ning_upload_image function, allowing unauthenticated attackers to upload arbitrary files to the server, with the potential for remote code...

CVE-2022-4949

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxupload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on th...

CVE-2016-15033

The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...

CVE-2019-25138

The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uspcheckimages function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...

Input validation

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxupload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on th...

Code injection

The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'processbulkaction' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level...

Input validation

The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uspcheckimages function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...

Input validation

The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...

CVE-2021-4382 Recently <= 3.0.4 - Arbitrary File Upload to Remote Code Exectution

The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetchexternalimage function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server whic...

CVE-2021-4382 Recently <= 3.0.4 - Arbitrary File Upload to Remote Code Exectution

The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetchexternalimage function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server whic...

CVE-2022-4949 AdSanity < 1.8.2 - Authenticated Arbitrary File Upload

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxupload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on th...

CVE-2016-15033 Delete All Comments <= 2.0 - Arbitrary File Upload

The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...

CVE-2019-25138 User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload

The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uspcheckimages function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...

CVE-2019-25138

The CVE-2019-25138 entry concerns the WordPress plugin “User Submitted Posts.” Affected component: usp_check_images, vulnerable through missing file type validation in versions up to and including 20190312. Impact: unauthenticated attackers can upload arbitrary files to the server, with potential...

CVE-2020-36701 Page Builder: KingComposer < 2.9.4 - Arbitrary File Upload

The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'processbulkaction' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level...

WordPress Plugin Recently 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

WordPress Plugin Adning Advertising 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Adning Advertising suffers...

WordPress Plugin Delete All Comments 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Plugin Page Builder: KingComposer 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...