
3576 matches found

EUVD
added 2025/11/21 8:28 a.m., 3 views

EUVD-2025-198394

The Vitepos – Point of Sale POS for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insertmediaattachment function in all versions up to, and including, 3.3.0. This is due to the saveupdatecategoryimg function accepting...

CVSS 8.8, AI score 6.8, EPSS 0.006
Exploits 0, References 3

EUVD
added 2025/11/21 7:31 a.m., 3 views

EUVD-2025-198403

The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the...

CVSS 8.8, AI score 7, EPSS 0.00603
Exploits 0, References 7

CNNVD
added 2025/11/21 12:0 a.m., 5 views

WordPress plugin ELEX WordPress HelpDesk & Customer Ticketing System code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blogs on PHP and MySQL based servers. WordPres...

CVSS 9.8, AI score 7.6, EPSS 0.00642
Exploits 0, References 5

CNNVD
added 2025/11/21 12:0 a.m., 3 views

WordPress plugin Vitepos code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A code issue...

CVSS 8.8, AI score 6.7, EPSS 0.006
Exploits 0, References 3

CNNVD
added 2025/11/21 12:0 a.m., 4 views

WordPress plugin S2B AI Assistant code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A code issue...

CVSS 7.2, AI score 6.8, EPSS 0.00873
Exploits 1, References 6

CNNVD
added 2025/11/21 12:0 a.m., 2 views

WordPress plugin Zegen Core cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A cross-site...

CVSS 8.8, AI score 7.7, EPSS 0.00211
Exploits 0, References 3

CNNVD
added 2025/11/19 12:0 a.m., 2 views

egovframe-common-components security vulnerability

egovframe-common-components is a collection of commonly used functions open-sourced by the e-Government Standard Framework Center. A security vulnerability exists in egovframe-common-components version 4.3.1 and earlier, which originates from an unauthenticated file upload endpoint and could lead...

CVSS 6.9, AI score 6.8, EPSS 0.00503
Exploits 2, References 6

CNNVD
added 2025/11/19 12:0 a.m., 3 views

CampCodes Retro Basketball Shoes Online Store code issue vulnerability

CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A code issue vulnerability exists in CampCodes Retro Basketball Shoes Online Store version 1.0, which stems from an incorrect manipulation of the parameter productimage in the file...

CVSS 9.8, AI score 5.2, EPSS 0.00311
Exploits 1, References 6

CNNVD
added 2025/11/19 12:0 a.m., 2 views

AudioCodes Fax Server security vulnerability

AudioCodes Fax Server is a fax server from AudioCodes Israel. A security vulnerability exists in AudioCodes Fax Server version 2.6.23 and earlier, which originates from an unverified backup upload endpoint and could lead to arbitrary file uploads and execution...

CVSS 9.8, AI score 6.8, EPSS 0.01017
Exploits 2, References 4

Vulnrichment
added 2025/11/18 11:6 a.m., 3 views

CVE-2025-41347 Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este

Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'...

CVSS 8.7, AI score 6.6, EPSS 0.003
Exploits 0, References 1

NVD
added 2025/11/18 10:15 a.m., 4 views

CVE-2025-4212

The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 7.2, EPSS 0.00198
Exploits 0, References 2

CVE
added 2025/11/18 9:27 a.m., 18 views

CVE-2025-12457

CVE-2025-12457 concerns the WordPress plugin Enable SVG, WebP, and ICO Upload. The Wordfence vulnerability entry confirms a Stored Cross-Site Scripting (XSS) flaw via SVG file uploads in all versions up to 1.1.2, exploitable by an authenticated attacker with Author-level access or higher to injec...

CVSS 6.4, AI score 4.7, EPSS 0.00194
Exploits 0, References 3

Vulnrichment
added 2025/11/18 9:27 a.m., 1 view

CVE-2025-4212 Checkout Files Upload for WooCommerce <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting

The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 7.2, AI score 4.9, EPSS 0.00198
Exploits 0, References 2

EUVD
added 2025/11/18 6:30 a.m., 6 views

EUVD-2025-197911

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVSS 8.1, AI score 7.2, EPSS 0.00585
Exploits 0, References 5

CNNVD
added 2025/11/18 12:0 a.m., 5 views

WordPress plugin Gravity Forms code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A code issue...

CVSS 8.1, AI score 6.9, EPSS 0.00585
Exploits 0, References 4

CNNVD
added 2025/11/18 12:0 a.m., 3 views

Informática del Este WinPlus code issue vulnerability

Informática del Este WinPlus is a human resource management platform from the Spanish company Informática del Este. A code issue vulnerability exists in Informática del Este WinPlus version v24.11.27, which stems from an unrestricted upload of a dangerous file type that could lead to an attacker...

CVSS 9.8, AI score 6.9, EPSS 0.003
Exploits 0, References 1

CNNVD
added 2025/11/18 12:0 a.m., 2 views

WordPress plugin WP Dropzone code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. A WordPress plugin is an application plugin. A code issue...

CVSS 8.8, AI score 7, EPSS 0.00536
Exploits 0, References 4

Positive Technologies
added 2025/11/18 12:0 a.m., 4 views

PT-2025-47260

Name of the Vulnerable Software and Affected Versions: WP Dropzone versions prior to 1.1.1

Description: The WP Dropzone plugin for WordPress is susceptible to unauthorized file uploads. Authenticated attackers with subscriber-level access or higher can upload arbitrary files to the server through t...

CVSS 8.8, AI score 7.3, EPSS 0.00536
Exploits 0, References 10

CNNVD
added 2025/11/18 12:0 a.m., 8 views

Windu CMS cross-site request forgery vulnerability

Windu CMS is a lightweight web content management system (CMS) from Windu. A cross-site request forgery vulnerability exists in Windu CMS version 4.1, which stems from insufficient cross-site request forgery protection and could lead to malicious file uploads...

CVSS 6.8, AI score 6.4, EPSS 0.0015
Exploits 0, References 3

CNNVD
added 2025/11/18 12:0 a.m., 4 views

WordPress plugin Enable SVG, WebP, and ICO Upload code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blogs on PHP and MySQL-based servers. A co...

CVSS 8.8, AI score 6.8, EPSS 0.00562
Exploits 0, References 2