15 matches found

Source: CVE, added yesterday, 8 views

CVE-2026-12515

The CVE concerns Katello within Red Hat Satellite where content uploads lack proper authorization checks in the ContentUploadsController. The issue allows users with the edit_products permission to query whether specific content exists in repositories outside their authorized products, revealing ...

CVSS 4.3, AI score 5.4
Exploits: 0, References: 3
Source: Packet Storm, added 2026/02/06 12:00 a.m., 163 views

WordPress WOOCOMMERCE Designer Pro 1.9.26 Shell Upload

WordPress WOOCOMMERCE Designer Pro plugin version 1.9.26 proof of concept remote shell upload exploit. | Title : WordPress WOOCOMMERCE Designer Pro 1.9.26...

CVSS 9.8, AI score 5.4, EPSS 0.32788
Exploits: 12
Source: Positive Technologies, added 2025/11/06 12:00 a.m., 4 views

PT-2025-45175

Name of the Vulnerable Software and Affected Versions: Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress, versions up to and including 8.6.0. Description: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress has a flaw related to file uploads. An incorrect...

CVSS 4.3, AI score 6.3, EPSS 0.00159
Exploits: 0, References: 4
Source: EUVD, added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-11126

Malware in sbrugna...

CVSS 9.8, AI score 9.1, EPSS 0.07908
Exploits: 2, References: 3
Source: EUVD, added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-27586

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.6, EPSS 0.0024
Exploits: 0, References: 1
Source: Packet Storm News, added 2025/08/25 12:00 a.m., 3 views

Prompt-In-Content Attacks: Exploiting Uploaded Inputs to Hijack LLM Behavior

Large Language Models (LLMs) are widely deployed in applications that accept user-submitted content, such as uploaded documents or pasted text, for tasks like summarization and question answering. In this paper, we identify a new class of attacks, prompt-in-content injection, where adversarial...

AI score 6.9
Exploits: 0
Source: CVE, added 2024/08/01 1:59 a.m., 45 views

CVE-2024-6687

CVE-2024-6687 affects the WordPress plugin CTT Expresso para WooCommerce (versions ≤ 3.2.12). The flaw exposes sensitive data via /wp-content/uploads/cepw, where generated .pdf and log files containing sender/receiver names, phone numbers, physical addresses, and email addresses are publicly acce...

CVSS 7.5, AI score 5, EPSS 0.00415
Exploits: 0, References: 2, Affected Software: 1
Source: CNNVD, added 2023/11/20 12:00 a.m., 1 view

DevBlog Cross-Site Scripting Vulnerability

DevBlog is a blogging project developed with Node.js, Express and MongoDB by Arman Idrisi, an individual developer. A cross-site scripting vulnerability exists in DevBlog v1.0, which stems from the application's lack of proper validation of uploaded files and can be exploited by an attacker to...

CVSS 5.4, AI score 6.2, EPSS 0.00425
Exploits: 1, References: 4
Source: OSV, added 2022/04/29 5:15 p.m., 2 views

CVE-2022-29451

Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into the /wp-content/uploads/ directory...

CVSS 8.8, AI score 7.3, EPSS 0.00557
Exploits: 0, References: 2
Source: CNNVD, added 2022/04/29 12:00 a.m., 2 views

WordPress plugin Rara One Click Demo Import Code Issue Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; a WordPress plugin is an application plugin for it. Version 1.2.9 and earlier of the Rara One Click Demo Import plugin are vulnerable to cross-site request...

CVSS 8.8, AI score 5.3, EPSS 0.00557
Exploits: 0, References: 3
Source: Cvelist, added 2021/11/01 9:01 p.m., 13 views

CVE-2021-39333 Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion

The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce that was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...

CVSS 8.1, AI score 8.3, EPSS 0.01016
Exploits: 1, References: 1
Source: Prion, added 2019/03/21 4:00 p.m., 11 views

Directory traversal

PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory...

CVSS 5, AI score 5.4, EPSS 0.01853
Exploits: 1, References: 1, Affected Software: 1
Source: OSV, added 2018/08/10 4:29 p.m., 1 view

DEBIAN-CVE-2018-14028

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...

CVSS 7.2, AI score 7.5, EPSS 0.17722
Exploits: 0, References: 1
Source: Prion, added 2014/07/27 6:55 p.m., 11 views

Authentication flaw

The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...

CVSS 7.5, AI score 8.3, EPSS 0.59682
Exploits: 2, References: 6, Affected Software: 1
Source: exploitpack, added 2013/06/19 12:00 a.m., 12 views

imacs CMS 0.3.0 - Unrestricted Arbitrary File Upload

imacs CMS 0.3.0 - Unrestricted Arbitrary File Upload <?php ... CWH Underground Hacking Team ... Exploit...

AI score 0.4
Exploits: 0