2031 matches found

NVD
added 2025/09/26 9:15 a.m., 3 views

CVE-2025-60219

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro allows Upload a Web Shell to a Web Server. This issue affects WooCommerce Designer Pro: from n/a through = 1.9.24...

CVSS 10, EPSS 0.00072
Exploits 0, References 1
Cvelist
added 2025/09/26 8:31 a.m., 7 views

CVE-2025-60156 WordPress AR For WordPress plugin <= 8.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through <= 8.34...

CVSS 9.6, EPSS 0.0002
Exploits 0, References 1
Vulnrichment
added 2025/09/26 8:31 a.m., 1 view

CVE-2025-60156 WordPress AR For WordPress plugin <= 8.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through <= 8.34...

CVSS 9.6, AI score 5.2, EPSS 0.0002
Exploits 0, References 1
CVE
added 2025/09/26 8:31 a.m., 11 views

CVE-2025-60156

The CVE-2025-60156 entry concerns WordPress plugin AR For WordPress (vulnerable up to 7.98). Several connected sources describe a CSRF vulnerability that can enable an attacker to upload a Web Shell to the target web server. The underlying issue is that requests are not properly validated, allowi...

CVSS 9.6, AI score 5.2, EPSS 0.0002
Exploits 0, References 1
Positive Technologies
added 2025/09/26 12:00 a.m., 2 views

PT-2025-39598

Name of the Vulnerable Software and Affected Versions: webandprint AR For WordPress versions through 7.98. Description: A Cross-Site Request Forgery (CSRF) issue exists in webandprint AR For WordPress, potentially allowing an attacker to upload a web shell to a web server. This is achieved by exploiti...

CVSS 9.6, AI score 6.7, EPSS 0.0002
Exploits 0, References 3
Positive Technologies
added 2025/09/26 12:00 a.m., 2 views

PT-2025-39621

Name of the Vulnerable Software and Affected Versions: HaruTheme WooCommerce Designer Pro versions through 1.9.24. Description: The software contains a flaw that permits unrestricted file uploads, potentially allowing an attacker to upload a web shell to a web server. This could lead to unauthorized...

CVSS 10, AI score 6.7, EPSS 0.00072
Exploits 0, References 6
Exploit DB
added 2025/09/16 12:00 a.m., 77 views

Tourism Management System 2.0 - Arbitrary Shell Upload

Exploit Title: Tourism Management System 2.0 - Arbitrary Shell Upload Date: 2025-10-09 Exploit Author: Debug Security Vendor Homepage: https://kodcloud.com/ Software Link: https://github.com/sohamjuhin/Tourism-Management-System Version: v2.0 Tested on: Windows 11, PHP 8.2.4, Apache 2.4.56 CVE:...

CVSS 7.2, AI score 7, EPSS 0.0446
Exploits 2
RedhatCVE
added 2025/09/12 12:20 a.m., 6 views

CVE-2025-57642

A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality...

CVSS 7.2, AI score 8.5, EPSS 0.0446
Exploits 2, References 1
NVD
added 2025/09/10 5:15 p.m., 2 views

CVE-2025-57642

A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality...

CVSS 7.2, EPSS 0.0446
Exploits 2, References 2
OSV
added 2025/09/10 5:15 p.m., 2 views

CVE-2025-57642

A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality...

CVSS 7.2, AI score 6.6, EPSS 0.0446
Exploits 2, References 2
CNNVD
added 2025/09/10 12:00 a.m., 1 view

Tourism-Management-System Security Vulnerability

Tourism-Management-System is a visitor management system from the individual developers of SOHAM DAS. A security vulnerability exists in Tourism-Management-System version 2.0 that originates from a shell upload and could lead to remote code execution...

CVSS 7.2, AI score 7.8, EPSS 0.0446
Exploits 2, References 4
CVE
added 2025/09/10 12:00 a.m., 17 views

CVE-2025-57642

CVE-2025-57642 affects Tourism Management System 2.0 with a shell-upload vulnerability that allows uploading and executing PHP shells, enabling remote code execution and unauthorized access. CVSS v3.1 metrics indicate Network access, Low attack complexity, Privileges required: High, with Confiden...

CVSS 7.2, AI score 8.1, EPSS 0.0446
Exploits 2, References 2, Affected Software 1
Vulnrichment
added 2025/09/10 12:00 a.m., 4 views

CVE-2025-57642

A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality...

AI score 8.2, EPSS 0.0446
Exploits 2, References 2
Positive Technologies
added 2025/09/10 12:00 a.m., 3 views

PT-2025-37078

Name of the Vulnerable Software and Affected Versions: Tourism Management System version 2.0 Description: A shell upload issue exists in Tourism Management System 2.0, allowing an attacker to upload and execute arbitrary PHP shell scripts on the server. Successful exploitation can lead to remote...

AI score 7.8, EPSS 0.0446
Exploits 2, References 5
Cvelist
added 2025/09/10 12:00 a.m., 5 views

CVE-2025-57642

A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality...

EPSS 0.0446
Exploits 2, References 2
NVD
added 2025/09/05 2:15 p.m., 2 views

CVE-2025-58819

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server. This issue affects Bulk Featured Image: from n/a through = 1.2.4...

CVSS 9.1, EPSS 0.00096
Exploits 0, References 1
Positive Technologies
added 2025/08/31 12:00 a.m., 3 views

PT-2025-35387

Name of the Vulnerable Software and Affected Versions: Mojoomla School Management versions n/a through 1.93.1 Description: A flaw exists in Mojoomla School Management that allows for unrestricted file uploads, potentially enabling attackers to upload web shells to a web server. This could lead to...

CVSS 9.9, AI score 6.2, EPSS 0.00104
Exploits 0, References 9
CNNVD
added 2025/08/28 12:00 a.m., 1 view

WordPress plugin Drag and Drop File Upload for Elementor Forms Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 10, AI score 6.9, EPSS 0.00216
Exploits 0, References 2
RedhatCVE
added 2025/08/23 3:10 p.m., 3 views

CVE-2025-53251

Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP pin-wp allows Upload a Web Shell to a Web Server. This issue affects Pin WP: from n/a through 7.2...

CVSS 9.9, AI score 5.9, EPSS 0.00113
Exploits 0, References 1
NVD
added 2025/08/21 3:15 p.m., 5 views

CVE-2025-53251

Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP pin-wp allows Upload a Web Shell to a Web Server. This issue affects Pin WP: from n/a through 7.2...

CVSS 9.9, EPSS 0.00113
Exploits 0, References 1