CVE-2025-7360

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handlefilesupload function in all versions up to, and including, 2.2.1. This makes it possible for...

CVE-2025-7360

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handlefilesupload function in all versions up to, and including, 2.2.1. This makes it possible for...

CVE-2025-2941

The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move...

CVE-2025-2941

The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move...

CVE-2025-2941

CVE-2025-2941 affects the WordPress plugin “Drag and Drop Multiple File Upload for WooCommerce.” The issue is arbitrary file movement caused by insufficient validation of the wc-upload-file[] parameter in all versions up to 1.1.4, allowing unauthenticated actors to move files on the server (e.g.,...

SquirrelMail 1.2.11 move_messages.php Arbitrary File Moving

No description provided by source. source: http://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. The problems appear to occur due to insufficient sanitization...