CVE-2025-54446

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0...

PT-2025-30526 · Samsung · Magicinfo 9 Server

Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A path traversal issue exists in Samsung Electronics MagicINFO 9 Server, potentially allowing an attacker to upload a web shell to a web server. Recommendations: Update MagicINFO 9...

PT-2025-30534 · Samsung · Magicinfo 9 Server

Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A path traversal vulnerability exists in Samsung Electronics MagicINFO 9 Server. This issue allows for the upload of a web shell to a web server. Recommendations: Update MagicINFO 9...

📄 WordPress Pie Register 3.7.1.4 Shell Upload

WordPress Pie Register plugin versions 3.7.1.4 and below suffer from a bypass vulnerability that enables an attacker to upload a shell. Exploit Title: Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE Google Dork: inurl:/wp-content/plugins/pie-register/ Date: 2025-07-09 Exploit...

CVE-2025-29009 WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through 1.2.3...

CVE-2025-29009 WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce medical-prescription-attachment-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Medical Prescription Attachment Plugin for WooCommerce...

CVE-2025-48300 WordPress Groundhogg plugin <= 4.2.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server.This issue affects Groundhogg: from n/a through = 4.2.1...

Exploit for CVE-2025-23968

AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GP...

WordPress plugin AiBud WP 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

📄 TinyWebGallery 2.7 Shell Upload

TinyWebGallery version 2.7 suffers from an authenticated remote shell upload vulnerability. Exploit Title: TinyWebGallery 2.7 - Authenticated Shell Upload Date: 2025-27-06 Exploit Author: tmrswrr Vendor Homepage: https://www.tinywebgallery.com Version: 2.7 Tested on:...

CVE-2025-53260 WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects File Manager Plugin For Wordpress: from n/a through = 7.5...

CVE-2025-49885

CVE-2025-49885 concerns the WordPress plugin HaruTheme Drag and Drop Multiple File Upload (Pro) – WooCommerce (

CVE-2025-47452

Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR wpvr allows Upload a Web Shell to a Web Server.This issue affects WP VR: from n/a through = 8.5.26...

CVE-2025-49071

CVE-2025-49071 : Flozen WordPress theme (Flozen

CVE-2025-47559 WordPress MapSVG plugin < 8.7.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.4...

CVE-2025-49444 WordPress Reformer for Elementor <= 1.0.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor allows Upload a Web Shell to a Web Server. This issue affects Reformer for Elementor: from n/a through 1.0.5...

CVE-2025-49444 WordPress Reformer for Elementor plugin <= 1.0.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor allows Upload a Web Shell to a Web Server.This issue affects Reformer for Elementor: from n/a through = 1.0.5...

PT-2025-25710 · Unknown · Merkulove Reformer For Elementor

Name of the Vulnerable Software and Affected Versions: merkulove Reformer for Elementor versions 1.0.0 through 1.0.5 Description: The issue allows an attacker to upload a web shell to a web server, potentially leading to unauthorized access and control. This is due to an Unrestricted Upload of Fi...

WordPress Celestial Aura Theme 2.2 Shell Upload

WordPress Celestial Aura Theme versions 2.2 and below suffer from a remote shell upload vulnerability...

CVE-2025-49329

Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Upload a Web Shell to a Web Server.This issue affects Store Locator WordPress: from n/a through = 1.5.2...