Lucene search

9 matches found

Positive Technologies
added 2026/04/22 12:0 a.m. · 1 view

PT-2026-34310

Name of the Vulnerable Software and Affected Versions: Fast & Fancy Filter – 3F plugin for WordPress versions prior to 1.2.3. Description: Cross-Site Request Forgery occurs due to missing nonce verification in the saveFields function, which handles the 'fff save settins' AJAX action. This allows...

CVSS 4.3 · AI score 5.8 · EPSS 0.00007
Exploits: 0 · References: 9
NVD
added 2025/10/31 7:15 a.m. · 2 views

CVE-2025-7846

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields function in all versions up to, and including, 16.7. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 8.8 · EPSS 0.00956
Exploits: 0 · References: 2
Vulnrichment
added 2025/10/31 6:42 a.m. · 2 views

CVE-2025-7846 WordPress User Extra Fields <= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields function in all versions up to, and including, 16.7. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 8.8 · AI score 7 · EPSS 0.00956
Exploits: 0 · References: 2
EUVD
added 2025/10/31 6:42 a.m. · 3 views

EUVD-2025-37305

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields function in all versions up to, and including, 16.7. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 8.8 · AI score 6.8 · EPSS 0.00956
Exploits: 0 · References: 3
CNNVD
added 2025/10/31 12:0 a.m. · 2 views

WordPress plugin User Extra Fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 7.6 · EPSS 0.00956
Exploits: 0 · References: 3
Positive Technologies
added 2025/10/31 12:0 a.m. · 2 views

PT-2025-44583

Name of the Vulnerable Software and Affected Versions: WordPress User Extra Fields versions up to and including 16.7. Description: The WordPress User Extra Fields plugin is susceptible to arbitrary file deletion. This is due to inadequate file path validation within the save fields function...

CVSS 8.8 · AI score 7.6 · EPSS 0.00956
Exploits: 0 · References: 10
CNNVD
added 2025/10/15 12:0 a.m. · 2 views

WordPress plugin FunKItools cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress FunKItools plugin has a cross-site request forgery vulnerability that stems from a missing or incorrect random number validation of the saveFields function, which can ...

CVSS 4.3 · AI score 6.7 · EPSS 0.00013
Exploits: 0 · References: 3
CNNVD
added 2024/11/13 12:0 a.m. · 2 views

WordPress plugin User Extra Fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

CVSS 8.8 · AI score 8 · EPSS 0.00237
Exploits: 0 · References: 3
Positive Technologies
added 2024/09/20 12:0 a.m. · 3 views

PT-2024-27805 · Usvn · Usvn

Name of the Vulnerable Software and Affected Versions: User-friendly SVN USVN versions prior to 1.0.12 Description: The issue is related to improper input validation in the /admin/config/save endpoint, allowing administrators to execute arbitrary code via the fields siteTitle, siteIco, and...

CVSS 4.8 · AI score 7.6 · EPSS 0.00174
Exploits: 0 · References: 11