3575 matches found
CVE-2025-8625
The Copypress Rest API plugin for WordPress (versions 1.1–1.2) is vulnerable to Remote Code Execution due to a hard-coded JWT signing key when no secret is configured and lack of file-type validation, allowing unauthenticated attackers to forge tokens and upload arbitrary files (e.g., PHP shells)...
WordPress plugin Qyrr Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP that can host personal blog sites on PHP- and MySQL-based servers. A WordPress plugin is an add-on application for it. A code issue...
WordPress plugin Post By Email Operating System Command Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP, which provides the ability to host a personal blog site on a PHP and MySQL based...
WordPress plugin Copypress Rest API Security Vulnerability
The WordPress Copypress Rest API plugin extends WordPress by exposing a RESTful interface for data exchange. A code execution vulnerability exists in the WordPress Copypress Rest API plugin, which stems from the use of a hard-coded JWT signin...
PT-2025-39928
Name of the Vulnerable Software and Affected Versions: Qyrr – simply and modern QR-Code creation plugin for WordPress, versions through 2.0.7. Description: The Qyrr plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the blob to file function...
Medical Informatics Engineering Enterprise Health multiple vulnerabilities
RISK EVALUATION: Medical Informatics Engineering Enterprise Health is an OEHR (Occupational Electronic Health Record) platform. Enterprise Health contains multiple vulnerabilities that could allow an attacker to inject executable content, obtain session tokens, and upload arbitrary files. 2...
WordPress plugin WP-DownloadManager Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP that can host personal blog sites on PHP- and MySQL-based servers. A WordPress plugin is an add-on application for it. A code issue...
Multiple AvePoint Products Code Issue Vulnerability
AvePoint DocAve and the other products named here are made by AvePoint, Inc. AvePoint DocAve is a document management platform, AvePoint Perimeter is a document sharing platform, and AvePoint Compliance Guardian is a data governance platform. A code issue vulnerability exists in several AvePoint products that stems from n...
WordPress plugin WooCommerce Designer Pro Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP that can host personal blog sites on PHP- and MySQL-based servers. A WordPress plugin is an add-on application for it. A code issue...
PT-2025-39320
Name of the Vulnerable Software and Affected Versions: Horilla, versions prior to 1.4.0. Description: Horilla, a Human Resource Management System (HRMS), has an issue where the file upload process lacks server-side validation. Client-side validation can be bypassed, allowing an attacker to upload an...
TalentSys Inka.Net Code Issue Vulnerability
TalentSys Inka.Net is a human resource management system from TalentSys of Turkey. A code issue vulnerability exists in TalentSys Inka.Net versions prior to 6.7.1, which stems from allowing the upload of files of a dangerous type, which could lead to command injection...
PT-2025-39155
Name of the Vulnerable Software and Affected Versions: Podlove Podcast Publisher, versions up to and including 4.2.6. Description: The Podlove Podcast Publisher plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation in the move as original file functio...
CVE-2025-10009 Authenticated admin RCE in Invoice Ninja
Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files...
Selleo Mentingo Code Issue Vulnerability
Selleo Mentingo is an in-house training and employee development platform from Selleo of Poland. A code issue vulnerability exists in Selleo Mentingo version 2025.08.27, which stems from insufficient restriction of the userAvatar parameter in the Content-Type Handler component, which could lead t...
Selleo Mentingo Code Issue Vulnerability
Selleo Mentingo is an in-house training and employee development platform from the Polish company Selleo. A code issue vulnerability exists in Selleo Mentingo version 2025.08.27 and earlier, which stems from insufficient validation of the userAvatar parameter in the Profile Picture Handler...
Denial Of Service (DoS)
Liferay Portal is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient restrictions on file uploads through forms, which are stored in the document library, allowing a single attacker to upload an unlimited number of files and cause a denial of service...
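Several entries above share one defect: the upload handler trusts something the client sent (a filename extension, a Content-Type header, a JavaScript check as in the Horilla entry, the userAvatar parameter in the Mentingo entries), or it sets no quota at all (the Liferay entry). The following is an added example of a server-side validator that decides only from the bytes and its own allowlist; it is not code from any product listed on this page. The size cap, per-user quota, the magic-byte table and the `<?php` marker check are assumptions chosen for the example.

```python
import os
import secrets
from typing import Dict

MAX_BYTES = 5 * 1024 * 1024   # assumed per-file cap
MAX_FILES_PER_USER = 200      # assumed per-account quota; an unbounded count is the DoS condition above

# Allowlist of accepted extensions keyed to the magic bytes the file must start with.
# Constructed for this example; never add server-executable types (php, phtml, jsp, ...).
MAGIC: Dict[str, bytes] = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}


class UploadRejected(ValueError):
    pass


def validate_upload(client_filename: str, data: bytes, user_file_count: int = 0) -> str:
    """Validate an upload server-side and return the name it must be stored under.

    The client-supplied filename, Content-Type and any browser-side check are all
    attacker-controlled, so the decision rests only on the bytes and our own allowlist.
    """
    if user_file_count >= MAX_FILES_PER_USER:
        raise UploadRejected("per-user upload quota exhausted")
    if not data:
        raise UploadRejected("empty file")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")

    # Drop any directory part a traversal attempt smuggled in, e.g. "../../wp-content/x.png".
    base = os.path.basename(client_filename.replace("\\", "/"))
    _, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in MAGIC:
        raise UploadRejected(f"extension {ext or '(none)'!r} is not allowed")

    # The body must actually be the type the extension claims; "shell.php.png" with PHP inside fails here.
    if not data.startswith(MAGIC[ext]):
        raise UploadRejected("content does not match the declared type")

    # Defence in depth for images that a misconfigured web server might still hand to PHP.
    if b"<?php" in data or b"<?=" in data:
        raise UploadRejected("embedded script marker found")

    # Never reuse the client's name: a random name removes double extensions, overwrites and guessable URLs.
    return f"{secrets.token_hex(16)}.{ext}"


def is_rejected(client_filename: str, data: bytes, user_file_count: int = 0) -> bool:
    """True if validate_upload refuses the file; convenience wrapper for demonstrations."""
    try:
        validate_upload(client_filename, data, user_file_count)
    except UploadRejected:
        return True
    return False


if __name__ == "__main__":
    sample_png = b"\x89PNG\r\n\x1a\n" + bytes(64)   # constructed stand-in for a real image
    print("avatar.png stored as:", validate_upload("avatar.png", sample_png))
    print("shell.php rejected:", is_rejected("shell.php", b"<?php system($_GET['c']); ?>"))
    print("shell.php.png rejected:", is_rejected("shell.php.png", b"<?php echo 1; ?>"))
```

The validator must run on the server for every upload path, including admin-only ones such as the Invoice Ninja "Restore" function above: admin credentials should not be a shortcut to code execution, and a handler that only enforces its checks in the browser enforces nothing.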
CVE-2025-9216
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import function in all versions up to, and including, 1.5.0. This makes it possible for...
WordPress plugin Embed PDF for WPForms Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP that can host personal blog sites on PHP- and MySQL-based servers. A WordPress plugin is an add-on application for it. WordPress plugin Embed PDF...
PT-2025-38501
Name of the Vulnerable Software and Affected Versions: Goza - Nonprofit Charity WordPress Theme, versions prior to and including 3.2.2. Description: The Goza - Nonprofit Charity WordPress Theme is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the beplus import...
PT-2025-38382
Name of the Vulnerable Software and Affected Versions: Airsonic-Advanced, versions prior to 10.6.1. Description: A vulnerability exists in Airsonic-Advanced up to version 10.6.0 within the Playlist Upload Handler component. Manipulation of the component allows for unrestricted file uploads, and the...