2 matches found
CVE-2025-24775
CVE-2025-24775 describes an Unrestricted Upload of File with Dangerous Type in WordPress Forms (Made IT Forms) plugin up to version 2.9.0, enabling uploading a web shell to the web server. Public records in the provided connected sources indicate this vulnerability affects Forms versions <= 2....
CVE-2025-8789 Portabilis i-Educar API Endpoint Diario authorization
A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as problematic. This affects an unknown part of the file /module/Api/Diario of the component API Endpoint. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The explo...