
3317 matches found

RedhatCVE
added 2025/12/25 8:16 a.m., 6 views

CVE-2025-13767

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

CVSS 4.3 | AI score 6.6 | EPSS 0.00039
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/25 12:0 a.m., 2 views

PT-2025-53417

Name of the Vulnerable Software and Affected Versions: Frontend Post Submission Manager Lite WordPress Plugin versions through 1.2.6. Description: The Frontend Post Submission Manager Lite WordPress Plugin is affected by a flaw that allows unauthorized data loss. An incorrect authorization check...

CVSS 5.3 | AI score 6.8 | EPSS 0.00037
Exploits: 0 | References: 8
OSV
added 2025/12/24 9:30 a.m., 1 view

GHSA-FMQF-PMCM-8CX9 Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

CVSS 4.3 | AI score 6.5 | EPSS 0.00039
Exploits: 0 | References: 6
NVD
added 2025/12/24 8:15 a.m., 2 views

CVE-2025-13767

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

CVSS 4.3 | EPSS 0.00039
Exploits: 0 | References: 1
OSV
added 2025/12/24 8:15 a.m., 3 views

CVE-2025-13767

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

CVSS 4.3 | AI score 6.5
Exploits: 0 | References: 1
CVE
added 2025/12/24 8:1 a.m., 8 views

CVE-2025-13767

Mattermost Jira plugin vulnerability (CVE-2025-13767): versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x

CVSS 4.3 | AI score 6.2 | EPSS 0.00039
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2025/12/24 8:1 a.m., 2 views

EUVD-2025-205063

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

CVSS 4.3 | AI score 6.1 | EPSS 0.00039
Exploits: 0 | References: 2
Vulnrichment
added 2025/12/24 8:1 a.m., 1 view

CVE-2025-13767 Unauthorized Read Access to Private Channel Posts via Mattermost Jira Plugin

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

CVSS 4.3 | AI score 6.2 | EPSS 0.00039
Exploits: 0 | References: 1
Patchstack
added 2025/12/24 6:6 a.m., 6 views

WordPress Attachments Handler plugin <= 1.1.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Attachments Handler versions <= 1.1.7...

CVSS 6.1 | AI score 6.1 | EPSS 0.00118
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/12/24 12:0 a.m., 9 views

PT-2025-52872

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.x through 10.11.7; Mattermost versions 10.12.x through 10.12.3; Mattermost versions 11.0.x through 11.0.5; Mattermost versions 11.1.x through 11.1.0. Description: The software does not properly validate user channel...

CVSS 9.9 | AI score 6.4 | EPSS 0.00733
Exploits: 44 | References: 118
RedhatCVE
added 2025/12/23 12:25 a.m., 4 views

CVE-2025-67289

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file...

CVSS 9.6 | AI score 7.9 | EPSS 0.00069
Exploits: 1 | References: 1
OSV
added 2025/12/22 6:16 p.m., 2 views

CVE-2025-67289

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file...

CVSS 9.6 | AI score 7.6 | EPSS 0.00069
Exploits: 1 | References: 3
NVD
added 2025/12/22 6:16 p.m., 3 views

CVE-2025-67289

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file...

CVSS 9.6 | EPSS 0.00069
Exploits: 1 | References: 3
CNNVD
added 2025/12/22 12:0 a.m., 1 view

Frappe Framework Security Vulnerability

Frappe Framework is a metadata-driven full-stack web application framework based on Python and JavaScript from Frappe India. A security vulnerability exists in the Attachments module of Frappe Framework v15.89.0, which stems from the fact that uploading a specially crafted XML file could lead to...

CVSS 9.6 | AI score 6.8 | EPSS 0.00069
Exploits: 1 | References: 4
Cvelist
added 2025/12/22 12:0 a.m., 19 views

CVE-2025-67289

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file...

EPSS 0.00069
Exploits: 1 | References: 3
CVE
added 2025/12/22 12:0 a.m., 9 views

CVE-2025-67289

CVE-2025-67289 affects Frappe Framework, specifically the Attachments module in v15.89.0. The vulnerability allows arbitrary code execution through uploading a crafted XML file, enabling an attacker to run code on the server. The CVSS v3.1 base score is 9.6 (CRITICAL) with network access, no priv...

CVSS 9.6 | AI score 7.5 | EPSS 0.00069
Exploits: 1 | References: 3 | Affected Software: 2
Vulnrichment
added 2025/12/22 12:0 a.m., 3 views

CVE-2025-67289

An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file...

AI score 7.5 | EPSS 0.00069
Exploits: 1 | References: 3
Positive Technologies
added 2025/12/22 12:0 a.m., 2 views

PT-2025-52668

Name of the Vulnerable Software and Affected Versions: Frappe Framework version 15.89.0. Description: A flaw exists within the Attachments module that permits arbitrary file uploads. Successful exploitation, involving the upload of a specially crafted XML file, could lead to the execution of arbitra...

CVSS 9.6 | AI score 6.8 | EPSS 0.00069
Exploits: 1 | References: 13
CNVD
added 2025/12/22 12:0 a.m., 1 view

WordPress Filebird Plugin Missing Authorization Vulnerability

WordPress Filebird Plugin is a media library management plugin for WordPress that allows users to organize media files by creating folders and subfolders to improve the efficiency of media library management. WordPress Filebird Plugin suffers from a missing authorization vulnerability, which can ...

CVSS 4.3 | AI score 7.2 | EPSS 0.00036
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/21 4:12 a.m., 2 views

CVE-2025-12581

The Attachments Handler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

CVSS 6.1 | AI score 5.6 | EPSS 0.00118
Exploits: 0 | References: 1