12 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-52202

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.08627
Exploits 1 · References 4
RedhatCVE
added 2025/02/05 8:13 p.m. · 3 views

CVE-2022-4949

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxupload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on th...

CVSS 8.8 · AI score 7.6 · EPSS 0.08627
Exploits 1 · References 1
NVD
added 2023/06/07 2:15 a.m. · 19 views

CVE-2022-4949

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxupload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on th...

CVSS 8.8 · AI score 8.9 · EPSS 0.08627
Exploits 1 · References 4
ATTACKERKB
added 2023/06/07 2:15 a.m. · 0 views

CVE-2022-4949

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxupload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on th...

CVSS 8.8 · AI score 7.9 · EPSS 0.08627
Exploits 1 · References 5
Prion
added 2023/06/07 2:15 a.m. · 22 views

Input validation

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxupload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on th...

CVSS 6.5 · AI score 8.8 · EPSS 0.08627
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2023/06/07 1:51 a.m. · 20 views

CVE-2022-4949 AdSanity < 1.8.2 - Authenticated Arbitrary File Upload

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxupload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on th...

CVSS 8.8 · AI score 9.1 · EPSS 0.08627
Exploits 1 · References 2
CVE
added 2023/06/07 1:51 a.m. · 44 views

CVE-2022-4949

CVE-2022-4949 affects the AdSanity WordPress plugin. The vulnerability stems from missing file type validation in the ajax_upload function, vulnerable through versions up to and including 1.8.1. An authenticated attacker with Contributor+ privileges can upload arbitrary files to the server, which...

CVSS 8.8 · AI score 8.8 · EPSS 0.08627
Exploits 1 · References 4 · Affected Software 1
CNNVD
added 2023/06/07 12:0 a.m. · 2 views

WordPress Plugin AdSanity Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8 · AI score 8.1 · EPSS 0.08627
Exploits 1 · References 4
Positive Technologies
added 2023/06/07 12:0 a.m. · 1 views

PT-2023-15935 · WordPress · Adsanity

Name of the Vulnerable Software and Affected Versions: AdSanity plugin for WordPress versions up to, and including, 1.8.1. Description: The issue is related to missing file type validation in the ajax upload function, allowing authenticated attackers with Contributor+ level privileges to upload...

CVSS 8.8 · AI score 8.7 · EPSS 0.08627
Exploits 1 · References 8
ThreatPost
added 2022/01/25 4:22 p.m. · 48 views

AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover

The WordPress content management system (CMS) is offering admins more headaches this week, thanks to a pair of disparate but concerning security problems in add-ons for the platform. The first issue affects the WordPress AdSanity plugin. It’s a critical security vulnerability that could allow remot...

AI score 7.7
Exploits 0 · References 7
WPVulnDB
added 2022/01/25 12:0 a.m. · 9 views

AdSanity < 1.8.2 - Contributor Arbitrary File Upload

The plugin does not have an authorisation check in its adsanityhtml5upload, relying on a CSRF check for it. However, the nonce is available to any authenticated user with a role as low as contributor, allowing them to call it. Furthermore, due to the lack of validation of the upload file, it could allow the...

AI score 1.8
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2022/01/25 12:0 a.m. · 14 views

WordPress AdSanity premium plugin <= 1.8.1 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to Arbitrary File Upload Contributor user role discovered by Jerome Bruandet in WordPress AdSanity premium plugin versions <= 1.8.1. Solution: Update the WordPress AdSanity premium plugin to the latest available version at least 1.8.2. Vulnerability autho...

AI score 4.5
Exploits 0 · References 2 · Affected Software 1