Yoast SEO 16.7-17.2 - Information Disclosure
Yoast SEO plugin 16.7 to 17.2 is susceptible to information disclosure. The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints, which can help an attacker identify other vulnerabilities or help during the exploitation of other identified...
CVE-2025-13439
The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the 'fpdcustomuplodfile' AJAX action, which flows...
EUVD-2025-203530
The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpdcustomuplodfile AJAX action. The plugin validates the URL by...
WordPress Leyka Plugin <=3.31.6 is vulnerable to Full Path Disclosure (FPD)
Software: Leyka. Type: Plugin. Vulnerable versions: <= 3.31.6. Fixed in: 3.31.7. OWASP Top 10: A5: Security Misconfiguration. Classification: Full Path Disclosure (FPD). CVE: CVE-2024-49252. Patch priority: Low. CVSS severity: Low (5.3). PSID: 27d1979f75bc. Credits: Trương Hữu Phúc truonghuuphuc...
WordPress Big File Uploads Plugin <= 2.1.2 is vulnerable to Full Path Disclosure (FPD)
Software: Big File Uploads. Type: Plugin. Vulnerable versions: <= 2.1.2. Fixed in: 2.1.3. OWASP Top 10: A3: Sensitive Data Exposure. Classification: Full Path Disclosure (FPD). CVE: CVE-2024-8538. Patch priority: Low. CVSS severity: Low (4.3). PSID: 7d70a0318727. Credits: netc4t. Required privileg...
WordPress WP Popups Plugin <= 2.2.0.1 is vulnerable to Full Path Disclosure (FPD)
Software: WP Popups. Type: Plugin. Vulnerable versions: <= 2.2.0.1. Fixed in: 2.2.0.2. OWASP Top 10: A5: Security Misconfiguration. Classification: Full Path Disclosure (FPD). CVE: CVE-2024-6555. Patch priority: Low. CVSS severity: Low (5.3). PSID: 91f90e97fc95. Credits: stealthcopter. Required...
CVE-2023-47636 Full Path Disclosure via re-export document in pimcore/admin-ui-classic-bundle
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file, e.g. /home/omg/htdocs/file/. Certain vulnerabilities, such as using load_file() within a SQL Injection query to view the page...
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
Impact: Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file, e.g. /home/omg/htdocs/file/. Certain vulnerabilities, such as using load_file() within a SQL Injection query to view the page source, require the attacker to have the full path to the file...
CVE-2021-4096
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...
WordPress plugin Fancy Product Designer cross-site request forgery vulnerability
WordPress and its plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; a WordPress plugin is an application plugin for it. A cross-site request forgery vulnerability exists in the WordPress plugin Fancy Product Designer, which...
CVE-2018-18839
CVE-2018-18839 affects Netdata 1.10.0 and is described as Full Path Disclosure via api/v1/alarms. The vendor states this behavior is intentional. Some Nessus entries for OpenSUSE advisories mark CVE-2018-18839 as disputed/not fixed, while later advisories describe the update as addressing other is...
MyBB 1.8.12 Stored XSS / File Enumeration Vulnerabilities
MyBB versions 1.8.12 and prior are vulnerable to a cross-site scripting bug which can allow a moderator to take over an administrator's account and upload a webshell, or perform file enumeration in instances where it is not possible to spawn a shell...
MyBB 1.8.12 Stored XSS / File Enumeration
Joomla Joomdoc 4.0.3 Path Disclosure
Exploit Title: Joomla comjoomdoc - Full Path Disclosure Vulnerability. Exploit Author: Persian Hack Team. Vendor Homepage: http://extensions.joomla.org/extension/joomdoc. Category: Webapps. Tested on: Win. Version: 4.0.3. Date: 2016/06/08. PoC: Full Path Disclosure (FPD) vulnerabilities enable the...
Joomla Docman Path Disclosure / Local File Inclusion
Joomla docman Component 'comdocman' Full Path Disclosure (FPD) & Local File Disclosure/Include (LFD/LFI). CWE: CWE-200 (FPD), CWE-98 (LFI/LFD). Risk: High. Author: Hugo Santiago dos Santos. Contact: [email protected]. Date: 13/07/2015. Vendor Homepage:...
Mingle Forum 1.0.28 - XSS & FPD
The mingle-forum WordPress plugin was affected by an XSS & FPD security vulnerability...
Slash WP - FPD, XSS & CS vulnerabilities
The slash-wp WordPress theme was affected by FPD, XSS & CS security vulnerabilities...
Exploit Scanner <= 1.3.3 - FPD & Security bypass vulnerabilities
The Exploit Scanner WordPress plugin was affected by FPD & security bypass vulnerabilities...
RoundCube Webmail Multiple Vulnerabilities
No description provided by source. Exploit Title: RoundCube Webmail XSS Vulnerability. Date: 6.01.2010. Author: j4ck & Globus from elitehackers.pl. Software Link: http://roundcube.net/download. Version: 0.2.X (possibly also vulnerable in higher versions). Tested on: Code : XSS:...