CVE-2026-3464 WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...
CVE-2026-3464
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...
CVE-2025-12137
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...
WordPress plugin WP Mail Log security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability in the...
WordPress Download Manager Plugin Cross-Site Scripting (CVE-2021-24773)
A stored cross-site scripting vulnerability exists in Download Manager Plugin for WordPress. The vulnerability is due to insufficient sanitization of user-supplied data in Attach File section...
WordPress Download Manager < 3.2.16 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed - Create a new Download, add the following payload in the "Version" and "Link Label" fields from the 'Package...
September 1, 2020, update for Office 2016 (KB4484395)
September 1, 2020, update for Office 2016 (KB4484395). This article describes update 4484395 for Microsoft Office 2016 that was released on September 1, 2020. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't app...
Signal Messenger for Android Message Disclosure Vulnerability
Signal Messenger for Android is an instant messaging application based on the Android platform with encryption features. An information disclosure vulnerability exists in Signal Messenger version 4.24.8 for Android, which is caused by the program retaining an image in its own cache directory when...
Microsoft Outlook Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center. A malicious user could potentially share anonymously-accessible links to other users via email where these links are intended to b...
SQL injection vulnerability in ask2 Q&A attach.php file
The ASK2 Q&A system, a product of Beijing Zhengying Network Technology Co., Ltd., is an open source PHP Q&A system that integrates a paid Q&A system and a paid voice Q&A system. The attach.php file of the ask2 Q&A system has a SQL injection vulnerability; attackers can use the vulnerability to obtain...
DSA-3715-1 moin - security update
Bulletin has no description...
Joomla Job Line Cross Site Scripting
Joomla com_jobline XSS Vulnerability
CVE-2008-2023
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp...
PT-2005-4099 · Ftgate · Mailsite Express
Name of the Vulnerable Software and Affected Versions: Mailsite Express (affected versions not specified). Description: The issue allows remote attackers to upload and execute files with executable extensions, such as ASP, by utilizing the compose page feature. Attackers can attach the file and then...