2 matches found
PT-2025-34516 · WordPress · Wptobe-Memberships
Name of the Vulnerable Software and Affected Versions: Wptobe-memberships plugin for WordPress versions through 3.4.2 Description: The Wptobe-memberships plugin for WordPress is susceptible to arbitrary file deletion due to inadequate file path validation within the del img ajax call function...
CVE-2025-44021
A flaw was found in Ironic. It did not filter file:// paths when used as an image source except to ensure they were a file. This issue could cause config files from well-known paths to be written to disk on a node. Mitigation Currently, no mitigation is available for this vulnerability...