4 matches found
CVE-2026-15097
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
GHSA-CHW4-GJVW-3GXC Melis Platform CMS Unauthenticated File Upload Leading to RCE
File upload leading to remote code execution RCE in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetailimg'...
Melis Platform CMS Unauthenticated File Upload Leading to RCE
File upload leading to remote code execution RCE in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetailimg'...
CVE-2025-10353
CVE-2025-10353 is an RCE via unrestricted file upload in Melis Technology's Melis Platform, specifically the melis-cms-slider module. A crafted POST to /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm uploading via the mcsdetail_img parameter can allow an attacker to place and execute ...