649 matches found
CVE-2025-13439
The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the 'fpdcustomuplodfile' AJAX action, which flows...
CVE-2025-12529
The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths int...
CVE-2025-10897
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...
CVE-2025-10897
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...
EUVD-2025-37310
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...
CVE-2025-10897 WooCommerce Designer Pro <= 1.9.28 - Unauthenticated Arbitrary File Read
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...
CVE-2025-10897
The CVE-2025-10897 vulnerability affects the WooCommerce Designer Pro plugin for WordPress (versions up to and including 1.9.28). It allows unauthenticated arbitrary file reads, enabling an attacker to read server files such as wp-config.php and potentially exposed database credentials. Wordfence...
PT-2025-44586
Name of the Vulnerable Software and Affected Versions WooCommerce Designer Pro versions up to and including 1.9.28 Description The WooCommerce Designer Pro theme for WordPress is susceptible to an arbitrary file read issue. This allows unauthenticated attackers to read arbitrary files on the...
PT-2025-44583
Name of the Vulnerable Software and Affected Versions WordPress User Extra Fields versions up to and including 16.7 Description The WordPress User Extra Fields plugin is susceptible to arbitrary file deletion. This is due to inadequate file path validation within the save fields function...
CVE-2025-7526
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion via renaming due to insufficient file path validation in the setuserprofileimage function in all versions up to, and including, 6.6.7. This makes it possible for...
VulnCheck KEV: CVE-2016-10960
The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter...
EUVD-2006-1133
Malware in sbrugna...
EUVD-2005-4209
Malware in sbrugna...
EUVD-2005-4680
Malware in sbrugna...
EUVD-2018-8571
Malware in sbrugna...
EUVD-2019-5886
Malware in sbrugna...
EUVD-2008-4189
Malware in sbrugna...
EUVD-2020-14420
Malware in sbrugna...
EUVD-2014-5334
Malware in sbrugna...
EUVD-2006-2869
Malware in sbrugna...