EUVD-2024-45999

Malicious code in bioql PyPI...

EUVD-2024-43532

Malicious code in bioql PyPI...

CVE-2025-60156

Cross-Site Request Forgery CSRF vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through = 8.36...

CVE-2025-60219

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro allows Upload a Web Shell to a Web Server.This issue affects WooCommerce Designer Pro: from n/a through = 1.9.24...

CVE-2025-60156

The CVE-2025-60156 entry concerns WordPress plugin AR For WordPress (vulnerable up to 7.98). Several connected sources describe a CSRF vulnerability that can enable an attacker to upload a Web Shell to the target web server. The underlying issue is that requests are not properly validated, allowi...

CVE-2025-60156 WordPress AR For WordPress plugin <= 8.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through = 8.34...

CVE-2025-60156 WordPress AR For WordPress plugin <= 8.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through = 8.34...

PT-2025-39598

Name of the Vulnerable Software and Affected Versions webandprint AR For WordPress versions through 7.98 Description A Cross-Site Request Forgery CSRF issue exists in webandprint AR For WordPress, potentially allowing an attacker to upload a web shell to a web server. This is achieved by exploiti...

PT-2025-39621

Name of the Vulnerable Software and Affected Versions HaruTheme WooCommerce Designer Pro versions through 1.9.24 Description The software contains a flaw that permits unrestricted file uploads, potentially allowing an attacker to upload a web shell to a web server. This could lead to unauthorized...

CVE-2025-58819

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through = 1.2.4...

PT-2025-35387

Name of the Vulnerable Software and Affected Versions: Mojoomla School Management versions n/a through 1.93.1 Description: A flaw exists in Mojoomla School Management that allows for unrestricted file uploads, potentially enabling attackers to upload web shells to a web server. This could lead to...

WordPress plugin Drag and Drop File Upload for Elementor Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

CVE-2025-53251

Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP pin-wp allows Upload a Web Shell to a Web Server.This issue affects Pin WP: from n/a through 7.2...

CVE-2025-53251

Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP pin-wp allows Upload a Web Shell to a Web Server.This issue affects Pin WP: from n/a through 7.2...

CVE-2025-53251

CVE-2025-53251 pertains to WordPress Pin WP theme versions earlier than 7.2, where an Unrestricted Upload of File with Dangerous Type enables uploading a web shell to the web server. The issue affects Pin WP

PT-2025-34227 · WordPress · An-Themes Pin Wp

Name of the Vulnerable Software and Affected Versions: An-Themes Pin WP versions prior to 7.2 An-Themes Pin WP versions through 6.9 Description: An unrestricted file upload vulnerability exists in An-Themes Pin WP, allowing for the upload of web shells to a web server. This could lead to full...

CVE-2025-24775

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through = 2.9.0...

CVE-2025-54446

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0...

CVE-2025-5243

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...

CVE-2025-5243

CVE-2025-5243 affects SMG Software Information Portal. Affected versions before 13.06.2025 are vulnerable to unrestricted file upload and improper neutralization of special elements in OS command contexts, enabling code injection and potential upload of a web shell leading to code inclusion. The ...