75 matches found
CVE-2025-13536 Blubrry PowerPress <= 11.15.2 - Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post'
The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is due to the plugin validating file extensions but not halting execution when validation fails in the...
PT-2025-48251
Name of the Vulnerable Software and Affected Versions: Blubrry PowerPress plugin for WordPress versions through 11.15.2 Description: The Blubrry PowerPress plugin for WordPress is susceptible to arbitrary file uploads because of inadequate file type validation. The powerpress edit post function doe...
EUVD-2023-53677
Malicious code in bioql PyPI...
CVE-2025-5402 chaitak-gorai Blogbook GET Parameter edit_post.php sql injection
A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/includes/editpost.php of the component GET Parameter Handler. The manipulation of the argument...
Blogbook Injection Vulnerability
Blogbook is a content management system project by the individual developer Chaitak Gorai. Blogbook has an injection vulnerability that originates from SQL injection of the parameter editpostid in the file /admin/includes/editpost.php...
CVE-2024-0369
The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and abov...
CVE-2024-48238
WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...
CVE-2022-30810
elitecms v1.01 is vulnerable to SQL Injection via admin/editpost.php...
CVE-2018-20601
UCMS 1.4.7 has XSS via the description parameter in an index.php listeditpost action...
CVE-2018-19895
ThinkCMF X2.2.2 has SQL Injection via the function editpost in NavController.class.php and is exploitable with the manager privilege via the parentid parameter in a nav action...
PLANET FW-WGS-804HPT Security Vulnerability
PLANET FW-WGS-804HPT is a wall-mounted managed switch from PLANET China. A security vulnerability exists in PLANET FW-WGS-804HPT v1.305b241111, which originates from a stack overflow in the tacIp parameter of the webtacplusserverEditpost function...
CVE-2023-49754
Missing Authorization vulnerability in Yogesh Pawar Bulk Edit Post Titles bulk-edit-post-titles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Edit Post Titles: from n/a through = 5.0.0...
CVE-2023-49754 WordPress Bulk Edit Post Titles plugin <= 5.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Yogesh Pawar Bulk Edit Post Titles bulk-edit-post-titles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Edit Post Titles: from n/a through = 5.0.0...
CVE-2024-48238
WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...
PT-2024-33049 · Wtcms · Wtcms
Name of the Vulnerable Software and Affected Versions: WTCMS version 1.0 Description: The issue concerns SQL Injection in the edit post method of the /Admin/Controller/NavControl.class.php file via the parentid parameter. This allows for potential exploitation. Recommendations: For WTCMS version...
CVE-2024-3767
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclose...
PHPGurukul News Portal SQL Injection Vulnerability
PHPGurukul News Portal is a news portal from PHPGurukul Inc. An injection vulnerability exists in PHPGurukul News Portal version 4.1, which stems from the parameter posttitle in the file /admin/edit-post.php that can lead to SQL injection...
Design/Logic Flaw
The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and abov...
CVE-2024-0369 Bulk Edit Post Titles <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles
The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and abov...