WordPress Yozi theme <= 2.0.63 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Yozi versions = 2.0.63...

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

CVE-2025-27921

CVE-2025-27921 is a reflected XSS in Output Messenger prior to version 2.0.63 where user input is reflected in the web app response. Affected product: Output Messenger (client/web component). Mitigations reported: upgrade to version 2.0.63 or later; no exploitation of this CVE has been observed b...

PT-2023-29744 · Qumu · Qumu Multicast Extension V2

Name of the Vulnerable Software and Affected Versions: Qumu Multicast Extension v2 versions prior to 2.0.63 Description: A privilege escalation issue exists within the Qumu Multicast Extension v2 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTE...

WordPress NextGEN Gallery 2.0.63 Shell Upload Vulnerability

WordPress NextGEN Gallery plugin version 2.0.63 suffers from a remote shell upload vulnerability. Exploit Title: Wordpress NextGEN Gallery Plugin 2.0.63 Arbitrary File Upload Author: SANTHO @s4n7h0 Vendor Homepage: http://wordpress.org/plugins/nextgen-gallery/ Category: WebApp / CMS / Wordpress...