EUVD-2024-54466

Malicious code in bioql PyPI...

EUVD-2025-13453

Malicious code in bioql PyPI...

CVE-2024-11617

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetralanguageUpload' and 'zetrafontsUpload' functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary fil...

CVE-2024-11617 Envolve Plugin <= 1.0 - Unauthenticated Arbitrary File Upload via language_file and fonts_file

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetralanguageUpload' and 'zetrafontsUpload' functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary fil...

CVE-2024-11617 Envolve Plugin <= 1.0 - Unauthenticated Arbitrary File Upload via language_file and fonts_file

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetralanguageUpload' and 'zetrafontsUpload' functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary fil...

CVE-2024-11617

CVE-2024-11617 (Envolve Plugin – WordPress) affects the Envolve Plugin up to version 1.0. The issue is unauthenticated arbitrary file upload caused by missing file-type validation in the zetra_languageUpload and zetra_fontsUpload functions, which could allow an attacker to place arbitrary files o...

WordPress plugin Envolve Plugin 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2025-20483 · Unknown · Envolve Plugin

Name of the Vulnerable Software and Affected Versions: Envolve Plugin versions up to, and including, 1.0 Description: The issue is related to arbitrary file uploads due to missing file type validation in the zetra languageUpload and zetra fontsUpload functions. This allows unauthenticated attacke...

WordPress Envolve Plugin plugin <= 1.0 - Unauthenticated Arbitrary File Upload via language_file and fonts_file vulnerability

Unauthenticated Arbitrary File Upload via languagefile and fontsfile vulnerability discovered by Foxyyy in WordPress Plugin Envolve Plugin versions = 1.0...

CVE-2024-11615

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetradeleteLanguageFile' and 'zetradeleteFontsFile' functions. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes ...

CVE-2024-11615

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetradeleteLanguageFile' and 'zetradeleteFontsFile' functions. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes ...

CVE-2024-11615 Envolve Plugin <= 1.0 - Unauthenticated Language File Deletion

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetradeleteLanguageFile' and 'zetradeleteFontsFile' functions. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes ...

CVE-2024-11615 Envolve Plugin <= 1.0 - Unauthenticated Language File Deletion

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetradeleteLanguageFile' and 'zetradeleteFontsFile' functions. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes ...

CVE-2024-11615

CVE-2024-11615 – Envolve Plugin (WordPress) Affects Envolve Plugin for WordPress, versions up to and including 1.0. The vulnerability allows unauthenticated attackers to delete language files through the functions zetra_deleteLanguageFile and zetra_deleteFontsFile due to insufficient validation o...

WordPress Envolve plugin <= 1.0 - Unauthenticated Language File Deletion vulnerability

Unauthenticated Language File Deletion vulnerability discovered by István Márton in WordPress Plugin Envolve Plugin versions = 1.0...

PT-2025-19720 · WordPress · Envolve Plugin

Name of the Vulnerable Software and Affected Versions: Envolve Plugin versions up to, and including, 1.0 Description: The Envolve Plugin for WordPress is vulnerable to arbitrary file deletion due to improper validation of a file or its path prior to deletion. This issue affects the zetra...

WordPress plugin Envolve Plugin 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...