28 matches found

RedhatCVE
added 2026/02/12 1:42 p.m., 3 views

CVE-2026-0815

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

CVSS: 4.4, AI score: 5.7, EPSS: 0.00012
Exploits: 0, References: 1

NVD
added 2026/02/11 9:15 a.m., 3 views

CVE-2026-0815

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

CVSS: 4.4, EPSS: 0.00012
Exploits: 0, References: 3

CVE
added 2026/02/11 8:26 a.m., 9 views

CVE-2026-0815

CVE-2026-0815 applies to the WordPress Category Image plugin (v

CVSS: 4.4, AI score: 5.7, EPSS: 0.00012
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/11 8:26 a.m., 1 view

CVE-2026-0815

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

CVSS: 4.4, AI score: 5.7, EPSS: 0.00012
Exploits: 0, References: 4

Vulnrichment
added 2026/02/11 8:26 a.m., 1 view

CVE-2026-0815 Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

CVSS: 4.4, AI score: 5.7, EPSS: 0.00012
Exploits: 0, References: 3

Positive Technologies
added 2026/02/11 12:0 a.m., 2 views

PT-2026-7495

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

CVSS: 4.4, AI score: 5.7, EPSS: 0.00012
Exploits: 0, References: 4

Patchstack
added 2026/02/10 11:4 p.m., 4 views

WordPress Category Image plugin <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter vulnerability

Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter vulnerability discovered by 0x34rth in WordPress Plugin Category Image versions <= 2.0...

CVSS: 4.4, AI score: 5.4, EPSS: 0.00012
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/11/21 12:0 a.m., 3 views

PT-2025-47711

Name of the Vulnerable Software and Affected Versions: Vitepos – Point of Sale POS for WooCommerce versions up to and including 3.3.0. Description: The Vitepos – Point of Sale POS for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation with...

CVSS: 8.8, AI score: 8, EPSS: 0.00271
Exploits: 0, References: 12

CNNVD
added 2025/05/24 12:0 a.m., 3 views

Tmall_demo Code Issue Vulnerability

Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall project team. A code issue vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from the incorrect operation of the parameter File in the file tmall/admin/uploadCategoryImage, resulting in unlimited uploads...

CVSS: 7.2, AI score: 5.1, EPSS: 0.00473
Exploits: 1, References: 5

OSV
added 2025/04/27 12:15 p.m., 0 views

CVE-2025-3969

A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-category.php of the component Edit Category Page. The manipulation of the argument categoryimage leads to unrestricted upload...

CVSS: 9.8, AI score: 5.5
Exploits: 0, References: 4

CNNVD
added 2025/04/27 12:0 a.m., 1 view

Code-Projects News Publishing Site Dashboard Code Issue Vulnerability

Code-Projects News Publishing Site Dashboard is an open source news publishing site dashboard from Code-Projects. A code issue vulnerability exists in version 1.0 of Code-Projects News Publishing Site Dashboard, which stems from a misbehavior of the parameter categoryimage in the file...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00118
Exploits: 1, References: 5

OSV
added 2024/10/22 8:15 a.m., 1 view

CVE-2024-9591

The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'categoryimage' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 4.8, AI score: 5.9
Exploits: 0, References: 2

Positive Technologies
added 2024/10/22 12:0 a.m., 2 views

PT-2024-39708 · WordPress · Category/Taxonomy Image

Name of the Vulnerable Software and Affected Versions: The Category and Taxonomy Image plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via the category image parameter due to insufficient input sanitization and output...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00286
Exploits: 0, References: 7

Patchstack
added 2024/10/18 12:0 a.m., 7 views

WordPress Advanced Category and Custom Taxonomy Image Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Category and Custom Taxonomy Image; Type: Plugin; Vulnerable versions: <= 1.0.9; Fixed in: 1.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9425; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 907e16037446...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00233
Exploits: 0, References: 3, Affected Software: 1

GitHub Security Blog
added 2024/03/25 7:46 p.m., 26 views

phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

Summary: The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. Details: In the file upload function of...

CVSS: 7.2, AI score: 8.5, EPSS: 0.03088
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2024/03/25 7:46 p.m., 25 views

GHSA-PWH2-FPFR-X5GF phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

Summary: The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. Details: In the file upload function of...

CVSS: 7.2, AI score: 7.9, EPSS: 0.03088
Exploits: 1, References: 4

Cvelist
added 2024/03/25 6:35 p.m., 14 views

CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...

CVSS: 7.2, AI score: 7.8, EPSS: 0.03088
Exploits: 1, References: 2

CVE
added 2024/03/25 6:35 p.m., 55 views

CVE-2024-28105

CVE-2024-28105 concerns phpMyFAQ where the category image upload feature can be abused by manipulating Content-Type and lang to store a PHP file, potentially enabling remote code execution (RCE). The public details describe that by submitting a crafted image upload request, an attacker can bypass...

CVSS: 7.2, AI score: 7.3, EPSS: 0.03088
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2024/03/25 6:35 p.m., 10 views

CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...

CVSS: 7.2, AI score: 7.7, EPSS: 0.03088
Exploits: 1, References: 2

OSV
added 2024/03/25 6:35 p.m., 19 views

CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...

CVSS: 7.2, AI score: 6.1, EPSS: 0.03088
Exploits: 1, References: 4