3576 matches found

CNNVD
added 2025/11/11 12:0 a.m., 3 views

WordPress plugin Astra Security Suite – Firewall & Malware Scan authorization issue vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An authorization issue vulnerability exists in the WordPress plugin Astra Security Suite -...

CVSS 8.1, AI score 7.8, EPSS 0.00422
Exploits 0, References 2
CNNVD
added 2025/11/11 12:0 a.m., 4 views

WordPress plugin Elastic Theme Editor code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code injection...

CVSS 8.8, AI score 8, EPSS 0.00504
Exploits 0, References 2
CNNVD
added 2025/11/11 12:0 a.m., 2 views

Intel CIP code issue vulnerability

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP has a code issue vulnerability that stems from an unrestricted upload of dangerous types of files, which can be exploited by attackers to cause data tampering...

CVSS 2, AI score 7.1, EPSS 0.00174
Exploits 0, References 2
Positive Technologies
added 2025/11/11 12:0 a.m., 8 views

PT-2025-46321

Name of the Vulnerable Software and Affected Versions: TNC Toolbox: Web Performance plugin for WordPress versions up to and including 1.4.2. Description: The TNC Toolbox: Web Performance plugin for WordPress is affected by a sensitive information exposure issue. The plugin stores cPanel API...

CVSS 10, AI score 6.9, EPSS 0.00931
Exploits 1, References 10
Positive Technologies
added 2025/11/11 12:0 a.m., 4 views

PT-2025-46298

Name of the Vulnerable Software and Affected Versions: Progress Bar Blocks for Gutenberg plugin for WordPress versions prior to 1.0.1. Description: The Progress Bar Blocks for Gutenberg plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG File uploads. Insufficient input...

CVSS 5.4, AI score 5.3, EPSS 0.00139
Exploits 0, References 5
Positive Technologies
added 2025/11/11 12:0 a.m., 4 views

PT-2025-46324

Name of the Vulnerable Software and Affected Versions: Blocksy Companion plugin for WordPress versions up to and including 2.1.19. Description: The Blocksy Companion plugin for WordPress is susceptible to authenticated arbitrary file upload due to insufficient file type validation. Specifically, the...

CVSS 8.8, AI score 7.5, EPSS 0.00599
Exploits 0, References 5
RedhatCVE
added 2025/11/08 7:41 a.m., 8 views

CVE-2025-12352

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

CVSS 9.8, AI score 7.5, EPSS 0.00659
Exploits 0, References 1
CNNVD
added 2025/11/08 12:0 a.m., 2 views

WordPress plugin Mail Mint code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 7.2, AI score 7.7, EPSS 0.0046
Exploits 0, References 3
OSV
added 2025/11/07 2:15 p.m., 1 views

CVE-2025-34299

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...

CVSS 9.8, AI score 7.4, EPSS 0.72033
Exploits 6, References 3
Positive Technologies
added 2025/11/07 12:0 a.m., 3 views

PT-2025-45404

Name of the Vulnerable Software and Affected Versions: Gravity Forms versions up to and including 2.9.20. Description: The Gravity Forms plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the copy post image function. This allows...

CVSS 9.8, AI score 7.7, EPSS 0.00659
Exploits 0, References 13
CNNVD
added 2025/11/07 12:0 a.m., 1 views

Projectworlds Online Notes Sharing Platform security vulnerability

Projectworlds Online Notes Sharing Platform is an online notes sharing platform from Projectworlds India. A security vulnerability exists in Projectworlds Online Notes Sharing Platform version 1.0, which stems from an incorrect manipulation of the parameter image in the file...

CVSS 9.8, AI score 6.5, EPSS 0.00319
Exploits 1, References 5
CNNVD
added 2025/11/07 12:0 a.m., 5 views

Monsta FTP code issue vulnerability

Monsta FTP is a lightweight file manager from Monsta New Zealand. It supports file transfer, file management and document editing. A security vulnerability exists in Monsta FTP 2.11 and earlier versions, which stems from allowing unauthenticated arbitrary file uploads and could lead to the...

CVSS 9.8, AI score 7.7, EPSS 0.72033
Exploits 6, References 5
VulnCheck KEV
added 2025/11/07 12:0 a.m., 16 views

VulnCheck KEV: CVE-2021-4449

The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may...

CVSS 9.8, AI score 6.5, EPSS 0.05288
In wild, Exploits 3, References 3
CVE
added 2025/11/06 3:54 p.m., 11 views

CVE-2025-53283

The CVE-2025-53283 entry concerns the WordPress plugin Drop Uploader for CF7 - Drag&Drop File Uploader Addon (versions up to and including 2.4.1). The vulnerability is described as Unrestricted Upload of File with Dangerous Type, allowing an attacker to upload a Web Shell to the web server. Multi...

CVSS 10, AI score 6.5, EPSS 0.00372
Exploits 0, References 1
RedhatCVE
added 2025/11/06 7:54 a.m., 24 views

CVE-2025-12674

The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the createmedia function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server...

CVSS 9.8, AI score 7.6, EPSS 0.00684
Exploits 2, References 1
RedhatCVE
added 2025/11/06 7:17 a.m., 5 views

CVE-2025-11373

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability checks in the "depicter-media-upload" AJAX route in all...

CVSS 4.3, AI score 5.5, EPSS 0.00204
Exploits 0, References 1
CNNVD
added 2025/11/06 12:0 a.m., 1 views

WordPress plugin Custom User Registration Fields for WooCommerce code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...

CVSS 10, AI score 6.8, EPSS 0.00372
Exploits 0, References 1
CNNVD
added 2025/11/06 12:0 a.m., 3 views

WordPress plugin King Addons for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 10, AI score 8.9, EPSS 0.00451
Exploits 0, References 1
NVD
added 2025/11/05 8:15 a.m., 9 views

CVE-2025-12674

The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the createmedia function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server...

CVSS 9.8, EPSS 0.00684
Exploits 2, References 2
NVD
added 2025/11/05 7:15 a.m., 5 views

CVE-2025-11373

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability checks in the "depicter-media-upload" AJAX route in all...

CVSS 4.3, EPSS 0.00204
Exploits 0, References 4