19 matches found
CVE-2026-8073
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...
EUVD-2026-30976
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...
CVE-2026-8073
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...
CVE-2026-8073 Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...
CVE-2026-8073 Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...
CVE-2026-8073
The CVE concerns the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin. Affected versions: all up to 6.0.6. Root cause: insufficient file path validation and missing capability check in the downloadZIP function. Impact: unauthenticated attackers can read and delete arbi...
PT-2026-41998
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...
WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-53516
A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-53516
A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-53516
A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-53516
Cisco Talos discloses a pre-auth, reflected XSS in MedDream PACS Premium 7.3.6.870 via the downloadZip.php script, triggered by a crafted URL parameter (seq). Successful exploitation could lead to arbitrary JavaScript execution in the context of the user’s browser. Affected component: Pacs/downlo...
PT-2026-3594
A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
LimeSurvey Access Control Error Vulnerability
LimeSurvey formerly known as PHPSurveyor is a set of open source online questionnaire survey program from the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection. A security vulnerability exists in the 'downloadZip' function of the...
CVE-2019-9960
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path...
CVE-2019-9960
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path...
CVE-2019-9960
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path...
CVE-2019-9960
LimeSurvey up to version 3.16.1+190225 is affected by CVE-2019-9960 via the downloadZip function in application/controllers/admin/export.php, which improperly handles relative paths and enables arbitrary file download. This is described as a path-traversal vulnerability with high to critical impa...
CVE-2019-9960
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. Bugs...