CVE-2025-13516 SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers <= 1.9.0 - Unauthenticated Arbitrary File Upload

The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's savefile function in inc/emails/handler/uploads.php which duplicates all email attachments to a web-accessibl...

CVE-2025-13516

The SureMail – SMTP and Email Logs Plugin for WordPress is affected by an Unauthenticated Arbitrary File Upload in versions

CVE-2024-13641

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for...

CVE-2023-24069

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker ca...

PT-2017-6703 · Qdpm · Qdpm

Name of the Vulnerable Software and Affected Versions: qdPM version 8.3 Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to various pages in qdPM, including myAccount, projects, tasks, tickets, discussions, reports, and...