2 matches found
CVE-2026-11962 FileOrganizer < 1.2.0 - Authenticated Arbitrary File Upload via elFinder File Operations
The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...
DRUPAL-CONTRIB-2023-048
This module enables users to log in by email address with minimal configurations. Drupal core contains protection against brute force attacks via a flood control mechanism. This module's functionality did not replicate the flood control, enabling brute force attacks. A previous security advisory,...