6 matches found
CVE-2025-4336
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfile function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2025-4336
creationtimestamp| type| source ---|---|--- 2025-05-24 04:01:22+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpvb2dbzl3w2 2025-05-24 06:50:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpvkkrzh632q...
CVE-2025-4336 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file()
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfile function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2025-4336 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file()
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfile function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2025-4336
The CVE describes an unauthenticated arbitrary file upload in the eMagicOne Store Manager for WooCommerce WordPress plugin (versions
WordPress eMagicOne Store Manager for WooCommerce plugin <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file() vulnerability
Unauthenticated Arbitrary File Upload via setfile vulnerability discovered by Ryan Kozak in WordPress Plugin eMagicOne Store Manager versions = 1.2.5...