PT-2026-5061
The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the image replacement from url function that is hooked to the eri from url AJAX action. This makes it possible for...
Exploit for CVE-2025-68472
CVE-2025-68472 https://github...
EUVD-2018-10112
Malware in sbrugna...
GHSA-RH67-4C8J-HJJH Nautobot may allow uploaded media files to be accessible without authentication
Impact: Files uploaded by users to Nautobot's MEDIAROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by...
CVE-2024-13692
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from insufficient protection of sensitive data. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient protection of sensitive data when attachments that are not images are added, due to the lack of authentication procedures. Exploiting this vulnerability can allow...
CVE-2023-1169
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...
Authorization
OoohBoi Steroids for Elementor < 2.1.5 - Arbitrary File Upload
The plugin does not properly protect its fileuploadercallback function with capability checks, which makes it possible for attackers with a low-privilege account, like subscribers, to upload image attachments to the site...
Critical Security Flaw in WordPress Plugin Allows RCE
Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, which is installed on more than 70,000 websites. The flaw gives unauthenticated attackers the ability to upload arbitrary files including PHP files and ultimately execute remote code on vulnerabl...
CVE-2018-18381
Z-BlogPHP 1.5.2.1935 Zero has a stored XSS Vulnerability in zbsystem/function/csystemadmin.php via the Content-Type header during the uploading of image attachments...
Don't Fall For This Dangerously Convincing Ongoing Phishing Attack
Security researchers have discovered a new phishing campaign targeting Gmail users, which is so convincing and highly effective that even tech-savvy people can be tricked into giving away their Google credentials to hackers. The attackers first compromise a victim's Gmail account, and once they a...
Cybozu Garoon Email Read Vulnerability
Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, etc. and supports free switching among three languages Chinese, Japanese, and English. A security vulnerability exists in Cybozu Garoon...
DEBIAN-CVE-2012-1253
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment...