3576 matches found
CVE-2025-1028
The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site'...
CVE-2025-1307
The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunchinstallandactivateplugin function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2024-2667
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for...
CVE-2024-2624
A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the @router.get"/switchpersonalpath" endpoint in ./lollms-webui/lollmscore/lollms/server/endpoints/lollmsuser.py. The vulnerability arises due to insufficient sanitization...
CVE-2024-2381
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxsaveimage function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2025-66838
In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...
WordPress plugin Drag and Drop Multiple File Upload – Contact Form 7 code issue vulnerability
WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A code issue vulnerability exists in...
LibreChat security vulnerability
LibreChat is a free, highly customizable, unified AI conversation platform open-sourced by LibreChat, capable of aggregating and running large models from any vendor in a single interface. A security vulnerability exists in LibreChat version 0.8.1-rc2, which stems from improper access control for...
WordPress plugin WP Enable WebP code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A code issue...
CVE-2025-9637
The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticat...
PT-2026-1430
Name of the Vulnerable Software and Affected Versions: Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress versions prior to and including 10.3.1. Description: The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is susceptible to unauthorized...
WordPress plugin Shopo code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A code issue...
EmpireSoft EmpireCMS code issue vulnerability
EmpireSoft EmpireCMS (Empire Content Management System) is an open source content management system (CMS) from EmpireSoft. A code issue vulnerability exists in EmpireSoft EmpireCMS version 8.0 and prior versions, which stems from an incorrect operation of the function CheckSaveTranFiletype in the fil...
PT-2026-1042
Name of the Vulnerable Software and Affected Versions: EmpireSoft EmpireCMS versions prior to 8.0. Description: A flaw exists in EmpireSoft EmpireCMS that allows for unrestricted file uploads. This issue is located in the CheckSaveTranFiletype function within the e/class/connect.php file. Successful...
Code-Projects Content Management System code issue vulnerability
Code-Projects Content Management System is an open source content management system from Code-Projects. A code issue vulnerability exists in Code-Projects Content Management System version 1.0, which stems from an incorrect manipulation of the parameter image in the file /admin/editposts.php, which...
wangmarket code issue vulnerability
wangmarket is a privately deployable SaaS cloud site-building system from xnx3, an individual developer in China. A code issue vulnerability exists in wangmarket 6.4 and earlier versions, which stems from the incorrect operation of the parameter image in the file /sits/uploadImage.do, which...
CVE-2025-67706
ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded...
CVE-2025-67707
ArcGIS Server versions 11.5 and earlier on Windows and Linux are affected by an input validation issue: uploaded files are not properly validated, allowing remote unauthenticated attackers to upload arbitrary files to designated upload directories. The server architecture restricts uploaded files...
CVE-2025-67706 Unvalidated File Upload vulnerability in ArcGIS Server.
ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories. However, the server’s architecture enforces controls that restrict uploaded...