
64 matches found

NVD
added 2026/02/26 2:16 a.m. | 4 views

CVE-2026-1557

The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0 via the 'src' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

CVSS 7.5 | EPSS 0.01722
Exploits: 0 | References: 7
Positive Technologies
added 2026/02/26 12:0 a.m. | 6 views

PT-2026-22091

Name of the Vulnerable Software and Affected Versions: WP Responsive Images plugin for WordPress versions prior to 1.1. Description: The WP Responsive Images plugin for WordPress is susceptible to a Path Traversal issue in versions up to and including 1.0. This allows unauthenticated attackers to re...

CVSS 7.5 | AI score 5.9 | EPSS 0.01722
Exploits: 0 | References: 12
CNNVD
added 2026/02/26 12:0 a.m. | 4 views

WordPress plugin WP Responsive Images Path Traversal Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 7.5 | AI score 6 | EPSS 0.01722
Exploits: 0 | References: 7
VulnCheck KEV
added 2026/02/02 12:0 a.m. | 8 views

VulnCheck KEV: CVE-2025-1743

A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...

CVSS 6.9 | AI score 5.5 | EPSS 0.01547
In wild | Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 12:34 p.m. | 7 views

CVE-2023-45480

Tenda AC10 version USAC10V4.0siV16.03.10.13cn was discovered to contain a stack overflow via the src parameter in the function sub47D878...

CVSS 9.8 | AI score 7.9 | EPSS 0.00976
Exploits: 1 | References: 1
OSV
added 2026/01/05 9:30 p.m. | 2 views

GHSA-VP8W-WJ4M-3R7J evershop allows unauthenticated attackers to force server to initiate HTTP request via "GET /images" API

A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits...

CVSS 6.9 | AI score 7.1 | EPSS 0.00175
Exploits: 0 | References: 4
OSV
added 2026/01/05 8:16 p.m. | 3 views

CVE-2025-67427

A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits...

CVSS 6.5 | AI score 7.1 | EPSS 0.00175
Exploits: 0 | References: 2
NVD
added 2026/01/05 8:16 p.m. | 3 views

CVE-2025-67427

A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits...

CVSS 6.5 | EPSS 0.00175
Exploits: 0 | References: 2
Cvelist
added 2026/01/05 12:0 a.m. | 25 views

CVE-2025-67427

A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits...

EPSS 0.00175
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/05 12:0 a.m. | 2 views

CVE-2025-67427

A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits...

AI score 6.8 | EPSS 0.00175
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/05 12:0 a.m. | 3 views

PT-2026-1329

Name of the Vulnerable Software and Affected Versions: evershop versions prior to 2.1.1. Description: A Blind Server-Side Request Forgery (SSRF) exists in evershop versions prior to 2.1.1. An unauthenticated attacker can force the server to initiate an HTTP request via the "/images" API endpoint. Th...

CVSS 6.5 | AI score 6.9 | EPSS 0.00175
Exploits: 0 | References: 6
Snyk
added 2025/12/30 7:41 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the TimThumb component in the timthumb.php file. An attacker can access internal resources or perform unauthorized requests by manipulating the src argument...

CVSS 7.5 | AI score 6.8 | EPSS 0.00346
Exploits: 0 | References: 2
CVE
added 2025/12/30 7:2 p.m. | 10 views

CVE-2025-15264

CVE-2025-15264 affects FeehiCMS (up to v2.1.1) via the TimThumb component in frontend/web/timthumb.php. The vulnerability arises from manipulating the src argument, enabling server-side request forgery (SSRF) and potentially allowing remote exploitation. Public disclosures of the exploit exist; t...

CVSS 7.5 | AI score 6.3 | EPSS 0.00346
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/12/23 12:25 a.m. | 6 views

CVE-2024-25812

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter...

CVSS 6.1 | AI score 6.1 | EPSS 0.00185
Exploits: 1 | References: 1
EUVD
added 2025/12/22 9:30 p.m. | 3 views

EUVD-2024-23120

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter...

CVSS 6.1 | AI score 5.6 | EPSS 0.00185
Exploits: 1 | References: 3
EUVD
added 2025/12/22 9:30 p.m. | 3 views

EUVD-2024-24902

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

CVSS 9.6 | AI score 7.7 | EPSS 0.00514
Exploits: 1 | References: 3
NVD
added 2025/12/22 8:15 p.m. | 3 views

CVE-2024-27708

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

CVSS 9.6 | EPSS 0.00514
Exploits: 1 | References: 2
NVD
added 2025/12/22 8:15 p.m. | 3 views

CVE-2024-25812

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter...

CVSS 6.1 | EPSS 0.00185
Exploits: 1 | References: 2
Cvelist
added 2025/12/22 12:0 a.m. | 20 views

CVE-2024-25812

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter...

EPSS 0.00185
Exploits: 1 | References: 2
Positive Technologies
added 2025/12/22 12:0 a.m. | 3 views

PT-2025-52681

Name of the Vulnerable Software and Affected Versions: MyNET versions 26.06 and earlier. Description: An iframe injection issue exists that allows a remote attacker to execute arbitrary code. The issue is related to the src parameter. Recommendations: Versions prior to 26.06 should be updated...

CVSS 9.6 | AI score 7.6 | EPSS 0.00514
Exploits: 1 | References: 6