17 matches found
EUVD-2021-24799
Malware in sbrugna...
EUVD-2024-50755
Malicious code in bioql PyPI...
CVE-2024-12300
The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image function in all versions up to, and including, 7.3. This makes it possible for unauthenticated attackers to upload php files leveraging ...
CVE-2021-24171
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name"...
CVE-2024-12300
CVE-2024-12300 (AR for WordPress) is an unauthorized double extension file upload vulnerability in the AR for WordPress WordPress plugin, caused by a missing capability check in set_ar_featured_image(). The issue affects all versions up to and including 7.3, enabling unauthenticated attackers to ...
CVE-2024-12300 AR for WordPress <= 7.3 - Missing Authorization to Unauthenticated Limited File Upload
The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image function in all versions up to, and including, 7.3. This makes it possible for unauthenticated attackers to upload php files leveraging ...
CVE-2023-0714
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...
CVE-2023-0714
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor (MetForm) for WordPress is vulnerable to an unauthenticated Arbitrary File Upload due to insufficient file-type validation up to 3.2.4. The attack uses a “double extension” to upload files with a malicious extension that ap...
CVE-2023-0714 Metform Elementor Contact Form Builder <= 3.2.4 - Unauthenticated Double-Extension Arbitrary File Upload
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious...
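The two filename-validation failures listed above (the single-pass blocklist strip of CVE-2021-24171 and the last-extension-only check behind the CVE-2023-0714 "double extension" upload) share one root cause: the server trusts a user-supplied name. The following is an added Python model of both flawed checks next to an allowlist replacement; it is not code from either plugin (which are PHP), the blocked/allowed extension sets and the sample filenames are constructed for illustration, and the remark about Apache executing "shell.php.jpg" assumes a mod_mime setup that maps the php handler onto any .php segment rather than only the final one.

```python
import secrets
from typing import Optional

# Constructed lists: a blocklist like the one the vulnerable sanitizer used,
# and the allowlist the hardened version relies on instead.
BLOCKED_EXTENSIONS = (".php", ".phtml", ".phar")
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}


def sanitize_single_pass(filename: str) -> str:
    """Vulnerable: one str.replace per blocked extension (the CVE-2021-24171
    pattern). Removing ".php" from "shell.p.phphp" once leaves "shell.php":
    the characters around the removed substring reassemble the blocked token,
    so a single pass cannot be trusted to have removed anything."""
    for ext in BLOCKED_EXTENSIONS:
        filename = filename.replace(ext, "")
    return filename


def sanitize_until_stable(filename: str) -> str:
    """Closes the single-pass bypass by repeating until the name stops
    changing. It is still a blocklist: an executable extension that is not
    listed (.phps, .php7, .inc on some hosts) passes straight through."""
    while True:
        stripped = sanitize_single_pass(filename)
        if stripped == filename:
            return stripped
        filename = stripped


def validate_last_extension_only(filename: str) -> bool:
    """Vulnerable: inspects only the final extension (the double-extension
    pattern of CVE-2023-0714). "shell.php.jpg" passes, yet a web server that
    assigns handlers per extension segment, e.g. Apache mod_mime with an
    AddHandler for .php, executes the file as PHP."""
    return filename.rsplit(".", 1)[-1].lower() in ALLOWED_EXTENSIONS


def hardened_filename(user_filename: str) -> Optional[str]:
    """Allowlist replacement. Returns the name to store on disk, or None to
    reject. Exactly one extension is permitted, it must be allowlisted, and
    the user-controlled stem is discarded in favour of a random one, so
    neither multi-extension names nor embedded NUL tricks reach the
    filesystem. Content sniffing (magic bytes) belongs on top of this."""
    parts = user_filename.lower().split(".")
    if len(parts) != 2:          # bare names and anything with two dots
        return None
    _stem, ext = parts
    if ext not in ALLOWED_EXTENSIONS:
        return None
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    for name in ("shell.p.phphp", "shell.php.jpg", "shell.php\x00.jpg", "holiday.JPG"):
        print(
            repr(name),
            "single-pass ->", repr(sanitize_single_pass(name)),
            "| stable ->", repr(sanitize_until_stable(name)),
            "| last-ext ok:", validate_last_extension_only(name),
            "| hardened ->", hardened_filename(name),
        )
```

Reject-then-rename is the important part: once the stored name is chosen by the server and carries a single allowlisted extension, the sanitizer no longer has to anticipate every way an attacker can spell ".php".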
CVE-2021-38346
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory...
Directory traversal
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory...
CVE-2021-38346 Brizy <= 2.3.11 Authenticated Unrestricted File Upload and Path Traversal
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory...
CVE-2021-38346
CVE-2021-38346 – Brizy Page Builder for WordPress (
Brizy < 2.3.12 - Authenticated File Upload and Path Traversal
Using the brizy_create_block_screenshot AJAX action, it was possible to provide a filename using the id parameter, and populate the file contents via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin appended .jpg to all uploaded filenames, a double extensio...
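The Brizy entry combines two bugs: the id parameter is used verbatim as a path fragment (so "../" walks out of the upload directory) and the appended ".jpg" does nothing against an id that already ends in ".php". The block below is an added Python model of that file-write logic and of the checks that close it; it is not the plugin's PHP. The upload directory, the parameter names id and ibsf taken from the advisory, the attacker values and the fake JPEG bytes are all constructed for the example.

```python
import base64
import binascii
import os
import re
from pathlib import Path
from typing import Optional, Union

# Assumed upload location; any absolute directory works for the demo.
UPLOAD_DIR = Path("/var/www/html/wp-content/uploads/brizy")

# Constructed attacker inputs: a traversing id that also ends in .php,
# a PHP payload for ibsf, and a minimal JPEG header for the legitimate case.
ATTACK_ID = "../../../wp-content/shell.php"
ATTACK_IBSF = base64.b64encode(b"<?php echo 'not an image'; ?>").decode()
FAKE_JPEG = base64.b64encode(b"\xff\xd8\xff\xe0" + b"\x00" * 12).decode()

PathLike = Union[str, Path]


def vulnerable_target(upload_dir: Path, id_param: str) -> Path:
    """Vulnerable construction: id becomes the file name and ".jpg" is
    appended. Nothing stops "../" segments, and appending an extension to
    "shell.php" simply produces the double-extension name "shell.php.jpg"."""
    return upload_dir / f"{id_param}.jpg"


def where_vulnerable_code_writes(id_param: str) -> str:
    """Normalise the path the vulnerable code would open, to show where
    the bytes actually land after the "../" segments collapse."""
    return os.path.normpath(vulnerable_target(UPLOAD_DIR, id_param))


def is_inside(base: PathLike, target: PathLike) -> bool:
    """Containment check after normalisation so "../" is collapsed before
    comparing. On a live server pass both through os.path.realpath first,
    otherwise a symlink inside base can still point outside it."""
    base_n = os.path.normpath(base)
    target_n = os.path.normpath(target)
    return os.path.commonpath([base_n, target_n]) == base_n


def hardened_save(upload_dir: Path, id_param: str, ibsf_param: str) -> Optional[str]:
    """Returns the path that would be written, or None to reject.
    1. id must be an opaque identifier: no dots, no slashes, no traversal
       and no chance of a second extension.
    2. ibsf must be valid base64 and must decode to JPEG bytes, since the
       name promises a JPEG.
    3. The final path is still checked for containment as defence in depth."""
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", id_param):
        return None
    try:
        data = base64.b64decode(ibsf_param, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not data.startswith(b"\xff\xd8\xff"):
        return None
    target = upload_dir / f"{id_param}.jpg"
    if not is_inside(upload_dir, target):
        return None
    return str(target)


if __name__ == "__main__":
    print("vulnerable write lands at:", where_vulnerable_code_writes(ATTACK_ID))
    print("inside upload dir?", is_inside(UPLOAD_DIR, where_vulnerable_code_writes(ATTACK_ID)))
    print("hardened, attacker id:", hardened_save(UPLOAD_DIR, ATTACK_ID, FAKE_JPEG))
    print("hardened, php body:  ", hardened_save(UPLOAD_DIR, "block42", ATTACK_IBSF))
    print("hardened, real jpeg: ", hardened_save(UPLOAD_DIR, "block42", FAKE_JPEG))
```

The identifier regex does most of the work: once id cannot contain "." or "/", neither the traversal nor the double extension is expressible, and the containment check only remains to catch mistakes elsewhere in the path construction.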
Path traversal
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name"...