PT-2025-15047 · Ibm · Ibm Maximo Application Suite
Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite version 9.0 Description: The issue allows an authenticated user to upload a file with dangerous types that could be executed by another user if opened. Recommendations: For IBM Maximo Application Suite version 9.0...
PT-2025-2232 · WordPress · Order Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: Order Export for WooCommerce plugin for WordPress versions up to, and including, 3.24 Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, which can contain...
PT-2025-4852 · Unknown · Tandoor Recipes
Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions prior to 1.5.28 Description: The issue concerns the file upload feature in Tandoor Recipes, which allows uploading arbitrary files, including html and svg. These files can contain malicious content, such as XSS...
PT-2025-4485 · Optimizely · Episerver.Cms.Core
Name of the Vulnerable Software and Affected Versions: Optimizely EPiServer.CMS.Core versions prior to 12.32.0 Description: A medium-severity issue exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types,...
PT-2024-34453 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Jpress versions prior to 5.1.1 Description: The issue allows for arbitrary file uploads on the Windows platform. This can lead to the construction of non-standard file formats, such as .jsp, which can result in arbitrary command execution...
PT-2024-35236 · Unknown · Halyra Cdi
Name of the Vulnerable Software and Affected Versions: Halyra CDI versions n/a through 5.5.3 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI. This allows for the upload of files with dangerous types. Recommendations: For versions...
PT-2024-33470 · Vivek Tamrakar · Wp Rest Api Fns
Name of the Vulnerable Software and Affected Versions: Vivek Tamrakar WP REST API FNS versions 1.0.0 and earlier Description: The issue allows attackers to upload harmful content, including web shells, to a web server due to an Unrestricted Upload of File with Dangerous Type vulnerability. This c...
PT-2024-33432 · Unknown · Cooked Pro
Name of the Vulnerable Software and Affected Versions: Cooked Pro versions prior to 1.8.0 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the Cooked Pro software. This allows for the upload of files with potentially dangerous types without...
PT-2024-39529 · WordPress · Re:Wp
Name of the Vulnerable Software and Affected Versions: Re:WP plugin for WordPress version 1.0.1 and earlier Description: The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This makes it...
PT-2024-18158 · WordPress · Ninja Forms - File Uploads
Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads plugin for WordPress versions up to, and including, 3.3.16 Description: The issue is a Stored Cross-Site Scripting vulnerability via an uploaded file, such as an RTX file, due to insufficient input sanitization and...
PT-2024-30669 · Jellyfin · Jellyfin
Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.9.10 Description: The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious SVG file. When viewed by an admin outside of th...
PT-2024-29714 · Cervantes · Cervantes
Name of the Vulnerable Software and Affected Versions: Cervantes versions through 0.5-alpha Description: The issue allows for insecure file uploads. Recommendations: For versions through 0.5-alpha, consider restricting file upload functionality until a secure version is available. As a temporary...
PT-2024-4313 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.1 through 16.10.7; GitLab CE/EE versions 16.11 through 16.11.4; GitLab CE/EE versions 17.0 through 17.0.2 Description: An issue has been discovered in GitLab CE/EE that allows an attacker to cause a denial of service...
PT-2024-12057 · WordPress · Js Help Desk
Name of the Vulnerable Software and Affected Versions: JS Help Desk – Best Help Desk & Support Plugin versions n/a through 2.7.7 Description: The issue allows the upload of malicious files, potentially leading to security risks. This is due to an Unrestricted Upload of File with Dangerous Type...
PT-2024-23462 · Elementor · Layouts For Elementor
Name of the Vulnerable Software and Affected Versions: Layouts for Elementor versions prior to 1.8 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the functionality of the software. No information is provided about the estimated number of...
PT-2024-19408 · Unknown · Group-Office
Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.29 Description: The issue is related to the file upload mechanism in Group-Office, allowing an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For example, using a filenam...
PT-2024-12550 · Bagisto · Bagisto
Name of the Vulnerable Software and Affected Versions: Bagisto versions 1.5.0 and earlier; Bagisto versions 1.3.1 and earlier Description: A Cross Site Scripting issue allows an attacker to execute arbitrary code via a crafted SVG file upload. Recommendations: For Bagisto versions 1.5.0 and earlie...
PT-2023-31459 · Unknown · Textpattern Cms
Name of the Vulnerable Software and Affected Versions: textpattern cms version 4.8.8 Description: There is an arbitrary file upload vulnerability in the administrative backend of textpattern cms, which can lead to compromise of the server. Recommendations: For textpattern cms version 4.8.8, update to a...
PT-2023-32254 · WordPress · Wp Mail Log
Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3 Description: The issue allows attackers to upload PHP files due to improper validation of file extensions when uploading files to attach to emails, leading to remote code execution...
PT-2023-8541 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0 Description: The issue exists due to a lack of protection for the web page structure in the Online Preview component of PublicCMS. This allows a remote attacker to conduct cross-site scripting (XSS) attacks. The...