5 matches found

CNNVD
added 2026/01/16 12:0 a.m. · 2 views

WordPress plugin Fancy Product Designer has a security vulnerability.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 5.3 · AI score 5.8 · EPSS 0.00288
Exploits: 0 · References: 2
Cvelist
added 2025/12/22 12:0 a.m. · 23 views

CVE-2025-67288

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation as shown in the documentation belongs to the system administrator who is...

EPSS 0.00504
Exploits: 0 · References: 2
ATTACKERKB
added 2025/10/20 9:56 a.m. · 4 views

CVE-2025-8349

Stored Cross-site Scripting (XSS) vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with a JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

CVSS 5.3 · AI score 6 · EPSS 0.00486
Exploits: 0 · References: 2
Positive Technologies
added 2024/05/30 12:0 a.m. · 6 views

PT-2024-24841 · WordPress · Yumpu Epaper Publishing Plugin

Name of the Vulnerable Software and Affected Versions: Yumpu ePaper publishing plugin for WordPress version 2.0.24 and earlier
Description: The issue allows authenticated attackers with subscriber-level access and above to upload PDF files, publish them, and modify the API key due to a missing...

CVSS 5 · AI score 6.7 · EPSS 0.00316
Exploits: 0 · References: 5
Positive Technologies
added 2024/05/16 12:0 a.m. · 2 views

PT-2024-10381 · Strapi · Strapi

Name of the Vulnerable Software and Affected Versions: Strapi affected versions not specified
Description: The issue is related to a lack of protection measures on web pages, allowing a remote attacker to execute arbitrary JavaScript code by uploading a specially crafted PDF file.
Recommendations...

CVSS 4 · AI score 7.7
Exploits: 0 · References: 1