4 matches found
CVE-2026-25380
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes Feedy feedy allows PHP Local File Inclusion. This issue affects Feedy: from n/a through 2.1.5...
PT-2024-20534 · Crafatar · Crafatar
Name of the Vulnerable Software and Affected Versions: Crafatar versions prior to 2.1.5
Description: Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind...
PT-2023-29459 · WordPress · Import Xml/Rss Feeds
Name of the Vulnerable Software and Affected Versions: Import XML and RSS Feeds WordPress plugin versions prior to 2.1.5
Description: The issue allows unauthenticated attackers to perform remote code execution (RCE) due to a web shell in the plugin. This web shell was introduced as a result of a...
Vanilla Forums Cross-Site Request Forgery Vulnerability
Vanilla Forums is a PHP-based open source forum program from the Canadian company Vanilla Forums. A cross-site request forgery vulnerability exists in versions of Vanilla Forums prior to 2.1.5. A remote attacker can exploit this vulnerability to delete topics and comments on the forum...