CVE-2025-47452 WordPress WP VR <= 8.5.26 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR allows Upload a Web Shell to a Web Server. This issue affects WP VR: from n/a through 8.5.26...

CVE-2025-47452

CVE-2025-47452 concerns RexTheme WP VR (WP VR) with an Unrestricted Upload of File with Dangerous Type vulnerability, allowing a Web Shell upload on servers running WP VR up to version 8.5.26. The vulnerability arises from an unsafe file upload handling in WP VR, affecting versions through 8.5.26...

CVE-2025-47559

CVE-2025-47559 affects WordPress MapSVG up to and including version 8.5.32, described as Unrestricted Upload of File with Dangerous Type that can allow uploading a Web Shell to the web server. The CVSS v3.1 base score is 9.9 (CRITICAL) with network access, low attack complexity, and all of confid...

CVE-2025-47559 WordPress MapSVG plugin < 8.7.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.4...

CVE-2025-47559 WordPress MapSVG plugin <= 8.5.32 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server. This issue affects MapSVG: from n/a through 8.5.32...

CVE-2025-49444 WordPress Reformer for Elementor <= 1.0.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor allows Upload a Web Shell to a Web Server. This issue affects Reformer for Elementor: from n/a through 1.0.5...

CVE-2025-49444

CVE-2025-49444 concerns merkulove Reformer for Elementor with an Unrestricted Upload of File with Dangerous Type vulnerability that allows uploading a Web Shell to the web server. Affected versions are up to 1.0.5 (inclusive). Multiple sources corroborate the issue and link it to an arbitrary fil...

CVE-2025-49444 WordPress Reformer for Elementor plugin <= 1.0.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor allows Upload a Web Shell to a Web Server.This issue affects Reformer for Elementor: from n/a through = 1.0.5...

PT-2025-25680 · Mapsvg · Mapsvg

Name of the Vulnerable Software and Affected Versions: MapSVG versions prior to 8.5.32 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential control o...

WordPress plugin MapSVG 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

WordPress plugin Reformer for Elementor 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress plugin Flozen 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A code issue vulnerability exists i...

PT-2025-25688 · Unknown · Nasatheme Flozen

Name of the Vulnerable Software and Affected Versions: NasaTheme Flozen affected versions not specified Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and...

PT-2025-25679 · WordPress · Rextheme Wp Vr

Name of the Vulnerable Software and Affected Versions: RexTheme WP VR versions through 8.5.26 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential...

PT-2025-25710 · Unknown · Merkulove Reformer For Elementor

Name of the Vulnerable Software and Affected Versions: merkulove Reformer for Elementor versions 1.0.0 through 1.0.5 Description: The issue allows an attacker to upload a web shell to a web server, potentially leading to unauthorized access and control. This is due to an Unrestricted Upload of Fi...

WordPress plugin WP VR 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

CVE-2025-49329

Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Upload a Web Shell to a Web Server.This issue affects Store Locator WordPress: from n/a through = 1.5.2...

CVE-2025-49329

Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Upload a Web Shell to a Web Server.This issue affects Store Locator WordPress: from n/a through = 1.5.2...

CVE-2025-49329 WordPress Store Locator WordPress plugin <= 1.5.2 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Upload a Web Shell to a Web Server.This issue affects Store Locator WordPress: from n/a through = 1.5.2...

CVE-2025-49329 WordPress Store Locator WordPress <= 1.5.2 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through 1.5.2...