18 matches found
CVE-2025-14388
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...
WordPress PhastPress plugin <= 3.7 - Unauthenticated Arbitrary File Read via Null Byte Injection vulnerability
Unauthenticated Arbitrary File Read via Null Byte Injection vulnerability discovered by shark3y in WordPress Plugin PhastPress versions = 3.7...
EUVD-2025-204781
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...
CVE-2025-14388
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...
CVE-2025-14388 PhastPress <= 3.7 - Unauthenticated Arbitrary File Read via Null Byte Injection
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...
CVE-2025-14388
CVE-2025-14388 (PhastPress) is a WordPress plugin vulnerability: unauthenticated arbitrary file read via a null-byte injection. Root cause is a mismatch between URL decoding in getExtensionForURL() and null-byte stripping in appendNormalized(), enabling a crafted path to access sensitive files li...
CVE-2025-14388 PhastPress <= 3.7 - Unauthenticated Arbitrary File Read via Null Byte Injection
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in getExtensionForURL which operates on URL-decoded paths, and appendNormalized...
WordPress plugin PhastPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2025-52733
Name of the Vulnerable Software and Affected Versions: PhastPress versions prior to 3.8. Description: The PhastPress plugin for WordPress is susceptible to Unauthenticated Arbitrary File Read due to a null byte injection issue. A discrepancy exists between how the extension validation in the...
CVE-2021-24210
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago...
CVE-2021-24210
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago...
CVE-2021-24210
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago...
Open redirect
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago...
CVE-2021-24210
Vulnerability context (CVE-2021-24210): The WordPress PhastPress plugin is affected prior to version 1.111, containing an open redirect that lets an attacker malform a request to a page with the plugin and redirect the victim to a malicious site. Public references in connected documents describe...
CVE-2021-24210 PhastPress < 1.111 - Open Redirect
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago...
WordPress input validation error vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the...
PhastPress < 1.111 - Open Redirect
There is an open redirect in the plugin that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/ that...
PhastPress < 1.111 - Open Redirect
There is an open redirect in the plugin that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/ that...