CVE-2025-60219

The CVE-2025-60219 entry concerns HaruTheme WooCommerce Designer Pro (versions up to 1.9.24). The vulnerability is an Unrestricted Upload of File with Dangerous Type, enabling uploading of a web shell to the web server. Root cause centers on permissive file-type handling in the plugin’s upload me...

CVE-2025-60156 WordPress AR For WordPress plugin <= 8.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through = 8.34...

CVE-2025-60156 WordPress AR For WordPress plugin <= 8.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through = 8.34...

CVE-2025-60156

The CVE-2025-60156 entry concerns WordPress plugin AR For WordPress (vulnerable up to 7.98). Several connected sources describe a CSRF vulnerability that can enable an attacker to upload a Web Shell to the target web server. The underlying issue is that requests are not properly validated, allowi...

PT-2025-39598

Name of the Vulnerable Software and Affected Versions webandprint AR For WordPress versions through 7.98 Description A Cross-Site Request Forgery CSRF issue exists in webandprint AR For WordPress, potentially allowing an attacker to upload a web shell to a web server. This is achieved by exploiti...

WordPress plugin AR For WordPress 跨站请求伪造漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin AR For WordPress, whi...

PT-2025-39621

Name of the Vulnerable Software and Affected Versions HaruTheme WooCommerce Designer Pro versions through 1.9.24 Description The software contains a flaw that permits unrestricted file uploads, potentially allowing an attacker to upload a web shell to a web server. This could lead to unauthorized...

Retail at risk: How one alert uncovered a persistent cyberthreat​​

In the latest edition of our Cyberattack Series, we dive into real-world cases targeting retail organizations. With 60% of retail companies reporting operational disruptions from cyberattacks and 43% experiencing security compromises in the past year, the risks for businesses continue to increase...

CVE-2025-56295

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions...

CVE-2025-56295

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions...

PT-2025-38005

Name of the Vulnerable Software and Affected Versions: code-projects Computer Laboratory System version 1.0 Description: The Computer Laboratory System contains a file upload issue. Staff members can upload malicious files, specifically PHP backdoor files, when modifying their avatar information...

CVE-2025-56295

CVE-2025-56295 affects the code-projects Computer Laboratory System 1.0. The issue is a file upload vulnerability in the avatar modification flow, where the upload feature does not restrict file types, enabling staff to upload malicious PHP backdoor files. This can be leveraged to establish a web...

CVE-2025-56295

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions...

CVE-2025-57642

A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality...

CVE-2025-58819

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through = 1.2.4...

CVE-2025-58819

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through = 1.2.4...

CVE-2025-58819 WordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through = 1.2.4...

CVE-2025-58819

CVE-2025-58819 describes an unrestricted file upload vulnerability in the WordPress plugin Bulk Featured Image (versions up to 1.2.2). The flaw permits uploading files with dangerous types, enabling potential web-shell upload to the web server. Multiple connected sources corroborate the affected ...

CVE-2025-58819 WordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through = 1.2.4...

WordPress plugin Bulk Featured Image 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...