CVE-2025-32660

CVE-2025-32660 : WordPress JS Job Manager plugin versions n/a–2.0.2 is vulnerable to Unrestricted Upload of File with Dangerous Type, enabling an attacker to upload a Web Shell to the server. Root cause: improper validation of uploaded file types allows arbitrary file uploads. Current references ...

CVE-2025-32660 WordPress JS Job Manager plugin <= 2.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server.This issue affects JS Job Manager: from n/a through = 2.0.2...

CVE-2025-32660 WordPress JS Job Manager plugin <= 2.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2...

CVE-2025-32682 WordPress MapSVG Lite plugin <= 8.6.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through = 8.6.4...

CVE-2025-39557 WordPress Kadence WooCommerce Email Designer plugin <= 1.5.14 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue affects Kadence WooCommerce Email Designer: from n/a through = 1.5.14...

CVE-2025-30967

Cross-Site Request Forgery CSRF vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a...

CVE-2025-30967

CVE-2025-30967 is a CSRF-to-Remote Code Execution flaw in WP Job Board (notFound) affecting WP Job Board versions prior to 5.11.1. The advisory lists a high severity (CVSS 3.1: 9.6, Confidentiality/Integrity/Availability all High). Mitigation: upgrade to WP Job Board 5.11.1 or later, which patche...

CVE-2025-26927 WordPress AI Hub plugin <= 1.3.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through = 1.3.7...

CVE-2025-26927 WordPress AI Hub plugin <= 1.3.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through = 1.3.7...

PT-2025-16535 · WordPress · Wpjobboard

Name of the Vulnerable Software and Affected Versions: WPJobBoard affected versions not specified Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to upload a web shell to a web server. This can be achieved through exploiting the CSRF vulnerability...

Exploit for CVE-2025-32579

⚠️ CVE-2025-32579 - Critical RCE via Sync Posts Plugin WordPr...

CVE-2025-32140

Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail wp-remote-thumbnail allows Upload a Web Shell to a Web Server.This issue affects WP Remote Thumbnail: from n/a through = 1.3.2...

CVE-2025-32496

Cross-Site Request Forgery CSRF vulnerability in Uncodethemes Ultra Demo Importer ut-demo-importer allows Upload a Web Shell to a Web Server.This issue affects Ultra Demo Importer: from n/a through = 1.0.5...

CVE-2025-32576

Cross-Site Request Forgery CSRF vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server.This issue affects WP shop: from n/a through = 2.6.1...

PT-2025-16074 · Softclever Limited · Sync Posts

Name of the Vulnerable Software and Affected Versions: SoftClever Limited Sync Posts versions n/d through 1.0 SoftClever Limited Sync Posts versions n/a through 1.0 Since both descriptions refer to the same range of affected versions, we can consolidate them into one line. However, given the...

CVE-2025-32576

Cross-Site Request Forgery CSRF vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server.This issue affects WP shop: from n/a through = 2.6.1...

CVE-2025-32496

Cross-Site Request Forgery CSRF vulnerability in Uncodethemes Ultra Demo Importer ut-demo-importer allows Upload a Web Shell to a Web Server.This issue affects Ultra Demo Importer: from n/a through = 1.0.5...

CVE-2025-32496

CVE-2025-32496 is an Unpatched CSRF to Remote Code Execution in the WordPress plugin Ultra Demo Importer (versions up to 1.0.5). The vulnerability allows an attacker to perform CSRF to execute a web shell on the server, as documented in the vulnerability listing. The CVSSv3.1 base score is 9.6 (C...

CVE-2025-32496 WordPress Ultra Demo Importer plugin <= 1.0.5 - CSRF to RCE vulnerability

Cross-Site Request Forgery CSRF vulnerability in Uncodethemes Ultra Demo Importer ut-demo-importer allows Upload a Web Shell to a Web Server.This issue affects Ultra Demo Importer: from n/a through = 1.0.5...

PT-2025-15794 · Unknown · Agence Web Eoxia - Montpellier Wp Shop

Name of the Vulnerable Software and Affected Versions: Agence web Eoxia - Montpellier WP shop versions n/a through 2.6.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to upload a web shell to a web server. This can be achieved through exploiting...