144 matches found
BJ Lazy Load (Timthumb) <= 0.7.5 - Remote File Inclusion
The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File Inclusion vulnerability via TimThumb. id: CVE-2015-9415 info: name: BJ Lazy Load Timthumb = 0.7.5 - Remote File Inclusion author: s4e-io severity: high description: | The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File...
CVE-2025-15264
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...
EUVD-2025-205850
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...
Server-side Request Forgery (SSRF)
Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the TimThumb component in the timthumb.php file. An attacker can access internal resources or perform unauthorized requests by manipulating the src argument...
CVE-2025-15264
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-15264 FeehiCMS TimThumb timthumb.php server-side request forgery
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-15264 FeehiCMS TimThumb timthumb.php server-side request forgery
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-15264 FeehiCMS TimThumb timthumb.php server-side request forgery
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-15264
CVE-2025-15264 affects FeehiCMS (up to v2.1.1) via the TimThumb component in frontend/web/timthumb.php. The vulnerability arises from manipulating the src argument, enabling server-side request forgery (SSRF) and potentially allowing remote exploitation. Public disclosures of the exploit exist; t...
FeehiCMS 代码问题漏洞
FeehiCMS is a Php-based CMS website builder by Liufee personal developer. A code issue vulnerability exists in FeehiCMS 2.1.1 and prior versions, which stems from the incorrect manipulation of the parameter src in the file frontend/web/timthumb.php, which could lead to server-side request forgery...
PT-2025-54214
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-13899
The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
EUVD-2025-201526
The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-13899
The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-13899 TR Timthumb <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-13899 TR Timthumb <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-13899
CVE-2025-13899 affects the TR Timthumb WordPress plugin. All versions up to 1.0.4 are vulnerable to Stored Cross-Site Scripting via shortcode attributes due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor level or higher, enabling ...
WordPress plugin TR Timthumb 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...
PT-2025-49352
The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
WordPress TR Timthumb plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Peter Thaleikis in WordPress Plugin TR Timthumb versions = 1.0.4...