User-Management-PHP-MYSQL Code Issue Vulnerability
User-Management-PHP-MYSQL is a secure user management system by Ajay Randhawa Personal Developer. A code issue vulnerability exists in User-Management-PHP-MYSQL that stems from incorrect manipulation of the parameter image in the file /admin/edit-user.php, which could lead to arbitrary file uploa...
PT-2025-43995
Name of the Vulnerable Software and Affected Versions: Simple Food Ordering System version 1.0. Description: A security issue exists that allows for unrestricted file upload. This occurs due to manipulation of the photo argument within an unknown function of the /editproduct.php file. The attack can...
LearnHouse Security Vulnerability
LearnHouse is an online learning management system open-sourced by LearnHouse. LearnHouse has a security vulnerability that stems from an insufficient restriction of the parameter thumbnail in the component Course Thumbnail Handler in files/api/v1/courses/, which could lead to arbitrary file...
WordPress plugin WooCommerce Designer Pro Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
CVE-2025-11889
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.18. This makes it possible for authenticated attackers, with Administrator-level access...
EUVD-2025-35812
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.15. This makes it possible for authenticated attackers, with Administrator-level access...
EUVD-2025-35804
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. This mak...
CVE-2025-9978 Jeg Elementor Kit < 2.7.0 - Author+ Stored XSS
The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability...
PT-2025-43162
Name of the Vulnerable Software and Affected Versions: CMSSuperHeroes Clanora versions prior to 1.3.1. Description: The software contains a flaw related to unrestricted file uploads, potentially allowing the use of malicious files. This could allow an attacker to upload files of dangerous types...
WordPress Plugin Medcity Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
WordPress Plugin Wastia Theme Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A security...
PT-2025-43245
Name of the Vulnerable Software and Affected Versions: Zippy versions through 1.7.0. Description: The software contains a flaw related to unrestricted file uploads, allowing the use of malicious files. This could potentially allow an attacker to compromise the system. Recommendations: Update to a...
Hikvision CSMP iSecure Center Security Vulnerability
Hikvision CSMP iSecure Center is a comprehensive security management platform from Hikvision China. A security vulnerability exists in Hikvision CSMP iSecure Center version 2023-06-25 and earlier, which originates from /center/api/files directory traversal and could lead to file uploads...
EUVD-2025-35048
A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files...
CVE-2025-56223
CVE-2025-56223 affects SigningHub v8.6.8, specifically the component /Home/UploadStreamDocument. The root cause is a lack of rate limiting, enabling a potential attacker to trigger a Denial of Service (DoS) by uploading an excessive number of files. Public documents consistently describe this is...
CVE-2025-11256
The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversatio...
CVE-2025-11256 Kognetiks Chatbot <= 2.3.5 - Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing
The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversatio...
WordPress plugin Kognetiks Chatbot Authorization Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin ... An authorization...
CVE-2025-10041
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the saveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-10700
CVE-2025-10700 concerns the WordPress plugin Ally – Web Accessibility & Usability (versions up to 3.8.0). The issue is Cross-Site Request Forgery caused by missing/incorrect nonce validation in enable_unfiltered_files_upload, allowing unauthenticated attackers to trick an admin into enabling unfi...