970 matches found

EUVD
added 2025/02/28 8:23 a.m., 4 views

EUVD-2024-53967

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.6.0. This makes it possible for...

CVSS 9.8 | AI score 9.8 | EPSS 0.03858
Exploits: 1 | References: 3

CNVD
added 2025/02/28 12:0 a.m., 6 views

Mautic Arbitrary File Upload Vulnerability

Mautic is an open source marketing automation application. An arbitrary file upload vulnerability exists in Mautic versions prior to 5.2.3, which stems from insufficient validation of uploaded file extensions and improper handling of file paths. An attacker can exploit this vulnerability to uploa...

CVSS 9.9 | AI score 7.3 | EPSS 0.01653
Exploits: 0 | References: 1

VulnCheck KEV
added 2025/02/27 12:0 a.m., 5 views

VulnCheck KEV: CVE-2024-8425

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.9.2. This makes it possible for...

CVSS 9.8 | AI score 5.9 | EPSS 0.03858
Exploits: 1 | References: 1

Veracode
added 2025/02/18 6:6 a.m., 10 views

Path Traversal

labelstudiosdk is vulnerable to Path Traversal. The vulnerability is due to improper file path validation in the VOC, COCO, and YOLO export functionalities, where the download function in the label-studio-sdk package fails to properly validate file paths during task exports, allowing attackers to...

CVSS 8.7 | AI score 6.8 | EPSS 0.00708
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2025/02/18 1:44 a.m., 12 views

CVE-2024-13741 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pmuploadimage function. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

CVSS 5.4 | EPSS 0.00337
Exploits: 0 | References: 3

RedhatCVE
added 2025/02/12 7:26 p.m., 3 views

CVE-2024-13011

The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affect...

CVSS 9.8 | AI score 9.8 | EPSS 0.00792
Exploits: 0 | References: 1

OSV
added 2025/02/12 12:15 p.m., 3 views

CVE-2024-10960

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVSS 8.8 | AI score 7.9 | EPSS 0.00863
Exploits: 0 | References: 2

Cvelist
added 2025/02/11 6:0 a.m., 9 views

CVE-2024-13544 Zarinpal Paid Downloads <= 2.3 - Admin+ Arbitrary File Upload

The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in a multisite setup...

EPSS 0.00307
Exploits: 1 | References: 1

NVD
added 2025/02/10 7:15 p.m., 3 views

CVE-2024-13011

The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affect...

CVSS 9.8 | EPSS 0.00792
Exploits: 0 | References: 2

Vulnrichment
added 2025/02/10 6:42 p.m., 5 views

CVE-2024-13011 WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload

The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affect...

CVSS 9.8 | AI score 9.9 | EPSS 0.00792
Exploits: 0 | References: 2

CVE
added 2025/02/10 6:42 p.m., 42 views

CVE-2024-13011

CVE-2024-13011 applies to the WordPress plugin WP Foodbakery and is described as an unauthenticated, arbitrary file upload vulnerability stemming from insufficient validation in the upload_publisher_profile_image function for versions up to 4.7. The Wordfence entry explicitly notes the impact cou...

CVSS 9.8 | AI score 9.9 | EPSS 0.00792
Exploits: 0 | References: 2

OpenVAS
added 2025/02/10 12:0 a.m., 6 views

Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2025-1182)

The remote host is missing an update for the Huawei EulerOS...

CVSS 4.3 | AI score 3.7 | EPSS 0.01905
Exploits: 1 | References: 2

NCSC
added 2025/02/07 7:41 a.m., 5 views

Vulnerabilities fixed in Cisco AsyncOS Software

Cisco has fixed vulnerabilities in Cisco AsyncOS Software Specific to Cisco Secure Web Appliance and Cisco Secure Email Gateway. The vulnerabilities are in the way Cisco AsyncOS Software handles requests and configuration files. An attacker can gain unauthenticated access to the system by using...

CVSS 7.2 | AI score 8.2 | EPSS 0.009
Exploits: 0 | References: 4

RedhatCVE
added 2025/02/06 4:12 a.m., 11 views

CVE-2021-22205

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution...

CVSS 10 | AI score 9.6 | EPSS 0.99731
Exploits: 30 | References: 1

RedhatCVE
added 2025/02/05 5:16 a.m., 3 views

CVE-2024-1069

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

CVSS 7.2 | AI score 7.7 | EPSS 0.01219
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 4:35 a.m., 7 views

CVE-2024-9659

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mjsmgtuseravatarimageupload function in all versions up to, and including, 91.5.0. This makes it possible for unauthenticated attackers to upload...

CVSS 9.8 | AI score 8 | EPSS 0.01612
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 4:23 a.m., 9 views

CVE-2024-9290

The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibkrestoremigratecheck function in all versions up to, and including, 2.3.3. This makes it possible for...

CVSS 9.8 | AI score 7.8 | EPSS 0.03549
Exploits: 2 | References: 1

RedhatCVE
added 2025/02/05 3:8 a.m., 3 views

CVE-2024-6885

The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maxiremovecustomimagesize and maxiaddcustomimagesize functions in all versions up to, and including, 1.9.2. This makes ...

CVSS 8.1 | AI score 7.7 | EPSS 0.01087
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 2:58 a.m., 3 views

CVE-2024-6314

The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'processimageupload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVSS 9.8 | AI score 8 | EPSS 0.00905
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 2:55 a.m., 9 views

CVE-2024-6220

The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVSS 9.8 | AI score 8 | EPSS 0.35708
Exploits: 0 | References: 1