14 matches found
CVE-2025-34437
Summary: AVideo versions prior to 20.1 allow any authenticated user to upload comment images to videos owned by other users due to missing ownership checks in the /comment_images endpoint. What’s affected: AVideo before 20.1 (video comment image upload path). Root cause: Authentication is validat...
CVE-2025-12833 GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing Authorization to Authenticated (Author+) Arbitrary Image Attachment
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'postattachmentupload' function due to missing validation on a user controlled key. This...
CVE-2024-13117
The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded...
CVE-2024-13887 Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajaxlistingsubmitimageupload' function due to missing validation on a user controlled key. This makes...
CVE-2024-13887 Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajaxlistingsubmitimageupload' function due to missing validation on a user controlled key. This makes...
CVE-2024-13117
The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded...
CVE-2024-13698 Jobify - Job Board WordPress Theme <= 4.2.7 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Image Generation
The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'downloadimageviaai' and 'generateimageviaai' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticat...
WordPress Stylish Price List plugin <= 6.9.0 - Arbitrary Image Upload vulnerability
Arbitrary Image Upload vulnerability discovered by apple502j in WordPress Stylish Price List plugin versions <= 6.9.0. Solution: Update the WordPress Stylish Price List plugin to the latest available version (at least 6.9.1)...
Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
The plugin does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images. v6.9.0 removed the unauthenticated hook, however, no capability and CSRF checks were implemented,...
Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload
The plugin does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated user, such as a subscriber, to upload arbitrary images...
WordPress Stylish Price List plugin <= 6.8.14 - Unauthenticated Arbitrary Image Upload vulnerability
Unauthenticated Arbitrary Image Upload vulnerability discovered by apple502j in WordPress Stylish Price List plugin versions <= 6.8.14. Solution: Update the WordPress Stylish Price List plugin to the latest available version (at least 6.9.0)...
ProjectCMS 1.1b Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications: ProjectCMS 1.1b Multiple Remote Vulnerabilities ...
ProjectCMS 1.1b Multiple Remote Vulnerabilities
No description provided by source.
CVE-2005-1583
The vulnerability CVE-2005-1583 affects 1Two News 1.0. It allows remote attackers to perform two actions via direct requests to admin endpoints: (1) delete images for new stories through admin/delete.php and (2) upload arbitrary images through admin/upload.php. The description does not state the ...