36 matches found
CVE-2025-13959
The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-13959 Filestack <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-13959
CVE-2025-13959 affects the Filestack plugin for WordPress. It enables Stored Cross-Site Scripting via the plugin’s filepicker shortcode attributes in all versions up to and including 2.0.8. Authenticated attackers with contributor-level access can inject scripts that execute when users view the a...
PT-2026-20228
Name of the Vulnerable Software and Affected Versions: Filestack plugin for WordPress versions prior to 2.0.9. Description: The Filestack plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'filepicker' shortcode. Insufficient input sanitization and output escaping on...
EUVD-2019-18443
Malware in sbrugna...
Malicious code in moodle-core_filepicker (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 949643a56d52397b063c5839facff57f6727e833e3f48ffaa24500c64ac29d53 Any computer that has this package installed or running should be considered...
MAL-2025-42155 Malicious code in moodle-core_filepicker (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 949643a56d52397b063c5839facff57f6727e833e3f48ffaa24500c64ac29d53 Any computer that has this package installed or running should be considered...
Malicious Package
Overview: moodle-core_filepicker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2024-7794 Malicious code in infowrap-filepicker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 93b2aa17aed385669cd8d8b30befd7c050bdb1fb8c3f2d4003fdbef949c1ce7c The OpenSSF Package Analysis project identified 'infowrap-filepicker' @ 1.0.7 npm as malicious. It is considered malicious because: - The packag...
SUSE CVE-2018-1042
Moodle 3.x has Server Side Request Forgery in the filepicker...
Moodle SSRF Vulnerability
Moodle 3.x has Server Side Request Forgery in the filepicker...
CMS Made Simple 2.2.15 Shell Upload
1 Summary. Affected software: CMS Made Simple-2.2.15. Vendor URL: http://www.cmsmadesimple.org/. Vulnerability: File upload bypass with .phar extension leads to RCE. 2 Vulnerability Description. The vulnerability affects the FilePicker module; it is possible to bypass the restriction and upload a malicious...
Ink Filepicker - Critical - Unsupported - SA-CONTRIB-2020-037
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. It looks like the 3rd party service that this module integrates with may have been retired. If you would like to maintain this project nevertheless,...
Moodle Filepicker 3.5.2 Server-Side Request Forgery
Exploit Title: Server Side Request Forgery in Moodle Filepicker Google Dork: / Date: 2019-07-25 Exploit Author: Fabian Mosch & Nick Theisinger r-tec IT Security GmbH Vendor Homepage: https://moodle.org/ Software Link: https://github.com/moodle/moodle Version: Moodle Versions 3.4, 3.3, 3.3.3, 3.2 ...
Microsoft Internet Explorer 11 - Sandbox Escape
Microsoft Internet Explorer 11 - Sandbox Escape Inject into IE11. Will work on other sandboxes that allow the opening of windows filepickers through a broker. You will gain medium IL javascript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...
CVE-2019-9057
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection...
Design/Logic Flaw
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection...
CVE-2019-9057
CVE-2019-9057 affects CMS Made Simple 2.2.8 in the FilePicker module, where an unserialize call with an untrusted parameter allows authenticated object injection. NVD notes a CVSS2 base score of 6.5 and CVSS3.1 base score of 8.8 (high). Connected sources reference a fixed release in CMS Made Simp...