CVE-2025-14867

The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to read the contents of arbitrary file...

CVE-2025-14867

The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to read the contents of arbitrary file...

CVE-2024-2072

A vulnerability, which was classified as problematic, was found in SourceCodester Flashcard Quiz App 1.0. This affects an unknown part of the file /endpoint/update-flashcard.php. The manipulation of the argument question/answer leads to cross site scripting. It is possible to initiate the attack...

WordPress Flashcard Plugin for WordPress plugin <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal vulnerability

Authenticated Contributor+ Arbitrary File Read via Path Traversal vulnerability discovered by Bhumividh Treloges in WordPress Plugin Flashcard versions = 0.9...

CVE-2025-14867 Flashcard Plugin for WordPress <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal

The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to read the contents of arbitrary file...

CVE-2025-14867

CVE-2025-14867 affects the Flashcard Plugin for WordPress. Versions up to 0.9 are vulnerable to a path traversal flaw via the shortcode attribute source in the flashcard shortcode, enabling authenticated attackers with at least contributor privileges to read arbitrary files on the server. The Wor...

CVE-2025-14867 Flashcard Plugin for WordPress <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal

The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to read the contents of arbitrary file...

PT-2026-1568

Name of the Vulnerable Software and Affected Versions The Flashcard plugin for WordPress versions up to and including 0.9 Description The Flashcard plugin for WordPress is susceptible to a Path Traversal issue. This affects versions up to and including 0.9 through the 'source' attribute within th...

WordPress plugin Flashcard 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path travers...

EUVD-2010-1891

Malware in sbrugna...

EUVD-2024-2397

Malicious code in bioql PyPI...

EUVD-2024-2309

Malicious code in bioql PyPI...

EUVD-2024-27037

Malicious code in bioql PyPI...

EUVD-2024-34463

Malicious code in bioql PyPI...

CVE-2024-32152

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-29073

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. ...

CVE-2010-1872

Cross-site scripting XSS vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information...

CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

CVE-2024-26020

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability...

Blocklist Bypass

Anki is vulnerable to a Blocklist Bypass vulnerability. The vulnerability is due to insufficient validation in the LaTeX functionality, which allows a specially crafted malicious flashcard to lead to arbitrary file creation at a fixed path. Attackers can exploit this by sharing a malicious...