Lucene search
K

13 matches found

Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.11 views

PT-2026-34592

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...

7.5CVSS5.8AI score0.00307EPSS
Exploits0References4
CNVD
CNVD
added 2025/12/22 12:0 a.m.3 views

WordPress Fancy Product Designer plugin server-side request forgery vulnerability

WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. A server-side request forgery vulnerability exists in the WordPress Fancy Product Designer plugin, which stems from the presence...

6.5CVSS6.9AI score0.00151EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 8:20 a.m.3 views

CVE-2025-13231 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpdcustomuplodfile AJAX action. The plugin validates the URL by...

6.5CVSS5.7AI score0.00151EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/16 8:20 a.m.27 views

CVE-2025-13231 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpdcustomuplodfile AJAX action. The plugin validates the URL by...

6.5CVSS0.00151EPSS
Exploits0References2
NVD
NVD
added 2025/12/16 8:15 a.m.4 views

CVE-2025-13439

The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the 'fpdcustomuplodfile' AJAX action, which flows...

5.9CVSS0.0026EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/16 7:21 a.m.6 views

EUVD-2025-203524

The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the fpdcustomuplodfile AJAX action, which flows directly into the getimagesi...

6.5CVSS5.5AI score0.0026EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.4 views

WordPress plugin Fancy Product Designer 信息泄露漏洞

WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. WordPress Fancy Product Designer plugin has an information disclosure vulnerability, the vulnerability stems from the url...

5.9CVSS6.2AI score0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.6 views

PT-2025-51468

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpd custom uplod file AJAX action. The plugin validates the URL ...

6.5CVSS6AI score0.00151EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:41 a.m.6 views

CVE-2024-4630

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customuploadmimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS6AI score0.00446EPSS
Exploits0References1
OSV
OSV
added 2024/06/07 7:15 a.m.5 views

CVE-2024-4489

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customuploadmimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS5.9AI score0.00314EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/07 12:0 a.m.4 views

WordPress plugin Royal Elementor Addons and Templates security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.1AI score0.00314EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.3 views

WordPress plugin Starter Templates 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.2AI score0.00446EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/11 12:0 a.m.9 views

PT-2024-31949 · WordPress · The Starter Templates — Elementor

Name of the Vulnerable Software and Affected Versions: The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress versions up to, and including, 4.2.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and outp...

6.4CVSS6.2AI score0.00446EPSS
Exploits0References5
Rows per page
Query Builder