CVE-2016-20080

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wpabspath parameter. Attackers can supply path traversal sequences or remote URLs through the...

CVE-2016-20080

CVE-2016-20080 – WordPress Brandfolder Plugin (v3.0 and earlier) suffers a local file inclusion flaw in callback.php. An unauthenticated attacker can influence the wp_abspath parameter to read arbitrary local files (e.g., wp-config.php) via path traversal or remote URLs, potentially enabling remo...

CVE-2016-20080 WordPress Brandfolder Plugin 3.0 Local File Inclusion via callback.php

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wpabspath parameter. Attackers can supply path traversal sequences or remote URLs through the...

EUVD-2016-10892

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wpabspath parameter. Attackers can supply path traversal sequences or remote URLs through the...

PT-2026-49218

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp...

EUVD-2025-21583

Malicious code in bioql PyPI...

CVE-2025-5843

The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 5.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2025-5843

The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 5.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2025-5843 Brandfolder <= 5.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 5.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2025-5843 Brandfolder <= 5.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 5.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2025-5843

CVE-2025-5843 details: The Brandfolder WordPress plugin (versions up to 5.0.19) is vulnerable to Stored Cross-Site Scripting via the id parameter due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor+ level, enabling an attacker to i...

WordPress plugin Brandfolder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-29706 · WordPress · Brandfolder

Name of the Vulnerable Software and Affected Versions: Brandfolder plugin for WordPress versions prior to 5.0.20 Description: The Brandfolder plugin for WordPress is susceptible to Stored Cross-Site Scripting through the id parameter. Insufficient input sanitization and output escaping allow...

WordPress 插件 Brandfolder v3.0 本地文件包含漏洞

No description provided by source...

WordPress Brandfolder 3.0 Remote / Local File Inclusion

Exploit Title: Wordpress brandfolder plugin / RFI & LFI Google Dork: inurl:wp-content/plugins/brandfolder Date: 03/22/2016 Exploit Author: AMAR^SHG Vendor Homepage: https://brandfolder.com Software Link: https://wordpress.org/plugins/brandfolder/ Version: =3.0 Tested on: WAMP / Windows I-Details...

Brandfolder <= 3.0 - File Inclusion

The Brandfolder – Digital Asset Management Simplified. WordPress plugin was affected by a File Inclusion security vulnerability...

WordPress Brandfolder 3.0 Plugin - Remote File Inclusion / Local File Inclusion

Exploit for php platform in category web applications Exploit Title: Wordpress brandfolder plugin / RFI & LFI Google Dork: inurl:wp-content/plugins/brandfolder Date: 03/22/2016 Exploit Author: AMAR^SHG Vendor Homepage: https://brandfolder.com Software Link:...

WordPress Plugin Brandfolder 3.0 - LocalRemote File Inclusion

WordPress Plugin Brandfolder 3.0 - LocalRemote File Inclusion Exploit Title: Wordpress brandfolder plugin / RFI & LFI Google Dork: inurl:wp-content/plugins/brandfolder Date: 03/22/2016 Exploit Author: AMAR^SHG Vendor Homepage: https://brandfolder.com Software Link:...

WordPress Brandfolder Plugin 3.0 - Remote and Local File Inclusion

Brandfolder plugin is prone to remote and local files inclusion vulnerability. It allows an attacker to host on a server "wp-load.php" file and disable it by using "htaccess". Solution Upgrade the plugin...

WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion

Exploit Title: Wordpress brandfolder plugin / RFI & LFI Google Dork: inurl:wp-content/plugins/brandfolder Date: 03/22/2016 Exploit Author: AMAR^SHG Vendor Homepage: https://brandfolder.com Software Link: https://wordpress.org/plugins/brandfolder/ Version: =3.0 Tested on: WAMP / Windows I-Details...