
2170 matches found

Vulnrichment
added 2025/07/04 11:18 a.m. · 3 views

CVE-2025-30933 WordPress LogisticsHub theme <= 1.1.6 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server. This issue affects LogisticsHub: from n/a through <= 1.1.6...

10 CVSS · 5.7 AI score · 0.00414 EPSS
Exploits 0 · References 1
CVE
added 2025/07/04 11:18 a.m. · 20 views

CVE-2025-30933

CVE-2025-30933 (LogisticsHub) in WordPress LogisticsHub theme (versions <= 1.1.6) has an Unrestricted Upload of File with Dangerous Type vulnerability that allows uploading a web shell to the web server. The weakness affects the plugin/theme in the LogisticsHub line and is currently unpatched...

10 CVSS · 5.9 AI score · 0.00414 EPSS
Exploits 0 · References 1
NVD
added 2025/07/04 9:15 a.m. · 2 views

CVE-2025-28951

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server. This issue affects Bulk Featured Image: from n/a through <= 1.2.4...

9.1 CVSS · 0.00379 EPSS
Exploits 0 · References 1
CVE
added 2025/07/04 8:42 a.m. · 17 views

CVE-2025-28951

CVE-2025-28951 describes an Unrestricted Upload of File with Dangerous Type in the Bulk Featured Image WordPress plugin (versions up to 1.2.1/1.2.4 per sources). The vulnerability allows uploading of a web shell due to accepting dangerous file types, enabling remote code execution on the web serv...

9.1 CVSS · 5.9 AI score · 0.00379 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/07/04 8:42 a.m. · 1 views

CVE-2025-28951 WordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server. This issue affects Bulk Featured Image: from n/a through <= 1.2.4...

9.1 CVSS · 5.2 AI score · 0.00379 EPSS
Exploits 0 · References 1
Cvelist
added 2025/07/04 8:42 a.m. · 8 views

CVE-2025-28951 WordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server. This issue affects Bulk Featured Image: from n/a through <= 1.2.4...

9.1 CVSS · 0.00379 EPSS
Exploits 0 · References 1
CNNVD
added 2025/07/04 12:0 a.m. · 1 views

WordPress plugin Bulk Featured Image code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

9.1 CVSS · 6.8 AI score · 0.00379 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/07/04 12:0 a.m. · 2 views

PT-2025-27906 · Liquidthemes · Logisticshub

Name of the Vulnerable Software and Affected Versions: LiquidThemes LogisticsHub versions 1.1.6 and earlier
Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to significant security...

10 CVSS · 6.2 AI score · 0.00414 EPSS
Exploits 0 · References 5
OSV
added 2025/07/03 9:31 p.m. · 3 views

GHSA-P9QC-8JJX-G8CG Bolt CMS vulnerable to authenticated remote code execution

Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...

7.5 CVSS · 7.2 AI score · 0.67402 EPSS
Exploits 1 · References 8
CVE
added 2025/07/03 7:46 p.m. · 27 views

CVE-2025-34086

Bolt CMS versions 3.7.0 and earlier are affected by an authenticated remote code execution chain. An authenticated user can inject PHP code into the displayname field, which is rendered unsanitized in backend templates. The attacker can enumerate and rename cached session files via /async/browse/...

8.8 CVSS · 7.5 AI score · 0.67402 EPSS
Exploits 1 · References 6 · Affected Software 1
GithubExploit
added 2025/07/03 7:34 p.m. · 798 views

Exploit for CVE-2025-23968

AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GP...

9.1 CVSS · 7.3 AI score · 0.00469 EPSS
Exploits 5
NVD
added 2025/07/03 7:15 p.m. · 9 views

CVE-2025-23968

Unrestricted Upload of File with Dangerous Type vulnerability in WebFactory AiBud WP aibuddy-openai-chatgpt allows Upload a Web Shell to a Web Server. This issue affects AiBud WP: from n/a through <= 1.9...

9.1 CVSS · 0.00469 EPSS
Exploits 5 · References 1
Vulnrichment
added 2025/07/03 6:49 p.m. · 8 views

CVE-2025-23968 WordPress AiBud WP plugin <= 1.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WebFactory AiBud WP aibuddy-openai-chatgpt allows Upload a Web Shell to a Web Server. This issue affects AiBud WP: from n/a through <= 1.9...

9.1 CVSS · 5.9 AI score · 0.00469 EPSS
Exploits 5 · References 1
Cvelist
added 2025/07/03 6:49 p.m. · 14 views

CVE-2025-23968 WordPress AiBud WP plugin <= 1.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WebFactory AiBud WP aibuddy-openai-chatgpt allows Upload a Web Shell to a Web Server. This issue affects AiBud WP: from n/a through <= 1.9...

9.1 CVSS · 0.00469 EPSS
Exploits 5 · References 1
CVE
added 2025/07/03 6:49 p.m. · 25 views

CVE-2025-23968

CVE-2025-23968 affects the WordPress AiBud WP plugin (AiBud OpenAI ChatGPT integration) versions up to 1.8.5. A REST API route at /wp-json/ai-buddy/v1/wp/attachments permits uploading attachments; the renaming logic (via the filename parameter) can change the uploaded file’s name to a PHP extensi...

9.1 CVSS · 5.9 AI score · 0.00469 EPSS
Exploits 5 · References 1
CNNVD
added 2025/07/03 12:0 a.m. · 11 views

WordPress plugin AiBud WP code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

9.1 CVSS · 6.8 AI score · 0.00469 EPSS
Exploits 5 · References 2
Positive Technologies
added 2025/07/03 12:0 a.m. · 6 views

PT-2025-27822 · Unknown · Wpcenter Aibud Wp

Name of the Vulnerable Software and Affected Versions: WPCenter AiBud WP versions 1.8.5 and earlier
Description: The issue affects WPCenter AiBud WP, allowing an unrestricted upload of a file with a dangerous type, which enables uploading a web shell to a web server.
Recommendations: For versions...

9.1 CVSS · 6.1 AI score · 0.00469 EPSS
Exploits 5 · References 9
RedhatCVE
added 2025/06/29 2:26 p.m. · 3 views

CVE-2025-53260

Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects File Manager Plugin For Wordpress: from n/a through <= 7.5...

9.1 CVSS · 5.9 AI score · 0.00379 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/06/29 12:6 p.m. · 6 views

CVE-2025-49885

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload Pro - WooCommerce drag-and-drop-file-upload-wc-pro allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop Multiple File Upload Pro - WooCommerce: from n/a through =...

10 CVSS · 5.9 AI score · 0.0085 EPSS
Exploits 0 · References 1
Cvelist
added 2025/06/27 1:21 p.m. · 8 views

CVE-2025-53260 WordPress File Manager Plugin For Wordpress plugin <= 7.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects File Manager Plugin For Wordpress: from n/a through <= 7.5...

9.1 CVSS · 0.00379 EPSS
Exploits 0 · References 1