13 matches found
PT-2026-34592
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...
WordPress Fancy Product Designer plugin server-side request forgery vulnerability
WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. A server-side request forgery vulnerability exists in the WordPress Fancy Product Designer plugin, which stems from the presence...
CVE-2025-13231 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition
The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpdcustomuplodfile AJAX action. The plugin validates the URL by...
CVE-2025-13231 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition
The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpdcustomuplodfile AJAX action. The plugin validates the URL by...
CVE-2025-13439
The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the 'fpdcustomuplodfile' AJAX action, which flows...
EUVD-2025-203524
The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the fpdcustomuplodfile AJAX action, which flows directly into the getimagesi...
WordPress plugin Fancy Product Designer 信息泄露漏洞
WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. WordPress Fancy Product Designer plugin has an information disclosure vulnerability, the vulnerability stems from the url...
PT-2025-51468
The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpd custom uplod file AJAX action. The plugin validates the URL ...
CVE-2024-4630
The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customuploadmimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2024-4489
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customuploadmimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress plugin Royal Elementor Addons and Templates security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Starter Templates 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-31949 · WordPress · The Starter Templates — Elementor
Name of the Vulnerable Software and Affected Versions: The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress versions up to, and including, 4.2.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and outp...