PT-2023-24339 · WordPress · User Registration

Name of the Vulnerable Software and Affected Versions: User Registration plugin for WordPress versions up to, and including, 3.0.2 Description: The issue arises from a hardcoded encryption key and missing file type validation on the ur upload profile pic function. This allows authenticated...

PT-2002-2563 · Nola · Nola

Name of the Vulnerable Software and Affected Versions: NOLA versions 1.1.1 through 1.1.2 Description: The document management module does not restrict the types of files that are uploaded, allowing remote attackers to upload and execute arbitrary PHP files with extensions such as .php4...