12 matches found
EUVD-2025-28822
Malicious code in bioql PyPI...
CVE-2025-9296
A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=updateavatar. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
Emlog Pro security vulnerability
Emlog Pro is a blogging system from Emlog open source. A security vulnerability exists in Emlog Pro 2.5.18 and earlier versions, which stems from an incorrect manipulation of the parameter image leading to unlimited uploads...
CVE-2025-9173
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The file upload in include/service/media.php verifies the file extension based on a list defined in...
PT-2025-34036 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: Emlog Pro versions through 2.5.18. Description: A weakness has been identified that allows for unrestricted file upload. This issue affects the processing of the file /admin/media.php?action=upload&sid=0. Manipulation of the File argument can...
CVE-2024-49628
Cross-Site Request Forgery (CSRF) vulnerability in whiletrue Most And Least Read Posts Widget (most-and-least-read-posts-widget) allows Cross Site Request Forgery. This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18...
WordPress plugin Most And Least Read Posts Widget cross-site request forgery vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Most And Least...
WordPress Most And Least Read Posts Widget Plugin <= 2.5.18 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Most And Least Read Posts Widget; Type: Plugin; Vulnerable versions: <= 2.5.18; Fixed in: 2.5.19; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-49628; Patch priority: Low; CVSS severity: Low (4.3); PSID: f9657dfe35e8; Credits: SOPROB...
WordPress Search Filter Pro Plugin < 2.5.18 is vulnerable to Cross Site Scripting (XSS)
Software: Search Filter Pro; Type: Plugin; Vulnerable versions: < 2.5.18; Fixed in: 2.5.18; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6481; Patch priority: Low; CVSS severity: Low (5.9); PSID: 0f5364627440; Credits: Felipe Caon; Required...
PT-2024-37657 · WordPress · Search & Filter Pro
Name of the Vulnerable Software and Affected Versions: Search & Filter Pro WordPress plugin versions prior to 2.5.18. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for...
WordPress Google Doc Embedder 2.5.18 Cross Site Scripting
Title: WordPress 'Google Doc Embedder' plugin - XSS; Version: 2.5.18; Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej; Date: 2015/01/26; Download: https://wordpress.org/plugins/google-document-embedder/; Contacted WordPress: 2015/01/26...