4 matches found
CVE-2026-8073
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...
WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-53516
Cisco Talos discloses a pre-auth, reflected XSS in MedDream PACS Premium 7.3.6.870 via the downloadZip.php script, triggered by a crafted URL parameter (seq). Successful exploitation could lead to arbitrary JavaScript execution in the context of the user’s browser. Affected component: Pacs/downlo...
PT-2026-3594
A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...