Lucene search
K

10 matches found

Vulnrichment
Vulnrichment
added 2026/02/19 3:25 a.m.5 views

CVE-2025-12500 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload

The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the...

5.3CVSS5.5AI score0.00328EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/19 3:25 a.m.37 views

CVE-2025-12500 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload

The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the...

5.3CVSS0.00328EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 7:18 a.m.7 views

CVE-2024-8725

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with...

6.8CVSS6.5AI score0.00357EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/05 9:39 a.m.16 views

CVE-2024-9417 Hash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated Limited File Upload

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are...

6.1CVSS0.00338EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/05 9:39 a.m.14 views

CVE-2024-9417 Hash Form - Drag & Drop Form Builder <= 1.1.9 - Unauthenticated Limited File Upload

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are...

6.1CVSS6.6AI score0.00338EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/09/26 10:59 a.m.26 views

CVE-2024-8725 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with...

6.8CVSS0.00357EPSS
Exploits0References4
CVE
CVE
added 2024/09/26 10:59 a.m.61 views

CVE-2024-8725

CVE-2024-8725 affects the WordPress plugin Advanced File Manager (

6.8CVSS6AI score0.00357EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/26 10:59 a.m.25 views

CVE-2024-8725 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with...

6.8CVSS6.5AI score0.00357EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/04/25 12:44 p.m.5 views

WordPress XStore Core plugin <= 5.3.8 - Limited Arbitrary File Upload vulnerability

Limited Arbitrary File Upload vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin XStore Core versions = 5.3.8...

9.8CVSS7AI score0.00583EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/15 9:5 a.m.7 views

WordPress Otter Blocks plugin <= 2.6.8 - Authenticated (Author+) Limited File Upload to Stored Cross-Site Scripting vulnerability

Authenticated Author+ Limited File Upload to Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara in WordPress Plugin Otter - Gutenberg Block versions = 2.6.8...

6.4CVSS5.9AI score0.0032EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder