CVE-2025-8314 Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter
The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2013-10054
An unauthenticated arbitrary file upload vulnerability exists in the File Manager plugin of LibrettoCMS version 1.1.7 and possibly earlier. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails ...
Sourceforge LibrettoCMS security vulnerability
Sourceforge LibrettoCMS is an open source content management system from Sourceforge. A security vulnerability exists in Sourceforge LibrettoCMS 1.1.7 and earlier versions, which stems from a file manager plugin that does not properly validate file extensions, and could lead to remote code...
PT-2025-30738 · WordPress · Frontend File Manager Plugin
Name of the Vulnerable Software and Affected Versions: Frontend File Manager Plugin for WordPress versions prior to 21.5 Description: The plugin is susceptible to unauthorized data loss due to a missing capability check within the wpfm delete multiple files function. This allows unauthenticated...
CVE-2025-2799
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag-name’ parameter in all versions up to, and including, 3.1.49 due to insufficient input sanitization and output escaping. This makes i...
CVE-2025-6976
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
CVE-2025-6975
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendar_header’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-6975
CVE-2025-6975 concerns the WordPress plugin Events Manager – Calendar, Bookings, Tickets, and more! Affected versions up to 7.0.3 are vulnerable to Reflected Cross‑Site Scripting via the calendar_header parameter due to insufficient input sanitization and output escaping. Exploitation requires no...
CVE-2025-6970 Events Manager <= 7.0.3 - Unauthenticated SQL Injection via `orderby` Parameter
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WordPress plugin Events Manager SQL injection vulnerability
WordPress Events Manager plugin is a full-featured event management tool that supports event registration, ticket sales, booking management and recurring event settings. The WordPress Events Manager plugin suffers from a SQL injection vulnerability that stems from the plugin's failure to adequate...
PT-2025-28966 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions prior to 7.0.4 Description: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is susceptible to Reflected Cross-Site Scriptin...
CVE-2025-53260
Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects File Manager Plugin For Wordpress: from n/a through = 7.5...
CVE-2025-53260
CVE-2025-53260 arises from an Unrestricted Upload of File with Dangerous Type in the getredhawkstudio File Manager Plugin for WordPress. Affected Software: File Manager Plugin for WordPress versions up to and including 7.5. Impact: allows uploading a Web Shell to the web server, enabling potentia...
CVE-2025-53260 WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects File Manager Plugin For Wordpress: from n/a through = 7.5...
WordPress plugin File Manager Plugin For Wordpress code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists in...
WordPress Download Manager plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Download Manager plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...
PT-2025-27167 · WordPress · File Manager Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: File Manager Plugin For Wordpress versions prior to 7.5 Description: The issue allows attackers to upload dangerous files, including web shells, to a web server, compromising its security. This is due to an Unrestricted Upload of File with...