27 matches found
CVE-2024-33270
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component...
CVE-2024-9504
The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2024-9386
The Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-10790 Admin and Site Enhancements (ASE) <= 7.5.1 - Authenticated Stored Cross-Site Scripting via SVG
The Admin and Site Enhancements ASE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with custom-level...
CVE-2024-9165
The Gift Cards Gift Vouchers and Packages WooCommerce Supported plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-9388
The CVE-2024-9388 entry concerns the WordPress plugin Black Widgets For Elementor. A Stored Cross-Site Scripting (XSS) flaw existed via SVG file uploads in all versions up to 1.3.7, caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with...
CVE-2024-8915
CVE-2024-8915 affects the WordPress Category Icon plugin. It is a Stored Cross-Site Scripting (XSS) via SVG file uploads in versions up to 1.0.0 due to insufficient input sanitization and output escaping. An authenticated attacker with Author-level access can inject scripts that run when a user a...
CVE-2024-9066
CVE-2024-9066 concerns the WordPress plugin Marketing and SEO Booster (
CVE-2024-9372
The CVE-2024-9372 entry concerns the WP Blocks Hub WordPress plugin (
CVE-2024-9172
CVE-2024-9172 affects the WordPress plugin Demo Importer Plus. It allows Stored Cross-Site Scripting via SVG uploads in all versions up to 2.0.1. Exploitation requires an authenticated attacker with Author+ privileges, who can inject script into pages that execute when users view the SVG file. Th...
CVE-2024-9060
The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary w...
CVE-2024-9272
CVE-2024-9272 refers to a stored XSS vulnerability in the WordPress plugin “R Animated Icon Plugin” (
CVE-2024-9125
The kingIE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject...
CVE-2024-7304
The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-6804
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-33270
The CVE-2024-33270 vulnerability affects FME Modules fileuploads (version 2.0.3 and earlier; fixed in 2.0.4). A flaw in the uploadfiles.php component allows a remote attacker to obtain sensitive information. Impact is information disclosure; no data integrity or availability impact noted in the p...
Prestashop Security Vulnerability
PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in Prestashop fileuploads v.2.0.3 and earlier versions, which originated from a...
PT-2024-25181 · Unknown · Fme Modules Fileuploads
Name of the Vulnerable Software and Affected Versions: FME Modules fileuploads versions 2.0.3 and earlier
Description: An issue in FME Modules fileuploads allows a remote attacker to obtain sensitive information via the "uploadfiles.php" component.
Recommendations: For versions 2.0.3 and earlier,...
Insecure Defaults
umbracoforms uses insecure defaults. The vulnerability exists as the default configuration for upload forms does not restrict file types in uploads...