25 matches found
CVE-2024-58348
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...
CVE-2024-58348 WordPress Background Image Cropper 1.2 Remote Code Execution
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...
CVE-2024-58348 WordPress Background Image Cropper 1.2 Remote Code Execution
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...
CVE-2024-58348
Summary: CVE-2024-58348 affects the WordPress Background Image Cropper plugin, version 1.2. An unauthenticated attacker can reach the ups.php endpoint and upload arbitrary files (including PHP scripts), enabling remote code execution on the server. This is a network-accessible issue with low atta...
CVE-2024-58348
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...
EUVD-2024-55614
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...
WordPress plugin Background Image Cropper 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Version...
PT-2026-47235
Name of the Vulnerable Software and Affected Versions WordPress Background Image Cropper version 1.2 Description An issue allows unauthenticated attackers to upload arbitrary files by accessing the 'ups.php' endpoint. By utilizing the file upload form within the plugin directory, attackers can...
EUVD-2025-198850
Malicious code in @strapbuild/react-native-perspective-image-cropper-poojan31 npm...
EUVD-2025-198851
Malicious code in @strapbuild/react-native-perspective-image-cropper-2 npm...
EUVD-2025-198718
Malicious code in @strapbuild/react-native-perspective-image-cropper npm...
CVE-2025-11391
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...
EUVD-2025-34973
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...
CVE-2025-11391
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...
CVE-2025-11391 PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...
CVE-2025-11391
The CVE-2025-11391 issue affects the PPOM – Product Addons & Custom Fields for WooCommerce WordPress plugin (all products up to 33.0.15). The root cause is missing file type validation in the image cropper, allowing unauthenticated arbitrary file uploads on vulnerable sites, with potential remote...
CVE-2025-11391 PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...
PT-2025-42696
Name of the Vulnerable Software and Affected Versions PPOM – Product Addons & Custom Fields for WooCommerce versions through 33.0.15 Description The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress has a flaw related to file handling. Specifically, the image cropper...
WordPress Background Image Cropper 1.2 Shell Upload
Exploit Title: Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution Date: 2024-04-16 Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: https://wordpress.org Software Link:...
Advanced Form Builder 2.0 Arbitrary File Upload
==================================================================================================================================== | Title : Advanced Form builder v 2.0 File Upload Image Cropper Take Photo System unrestricted file upload Vulnerability | | Author : indoushka | | Tested on :...