138 matches found

NVD
added 2025/11/11 4:15 a.m., 5 views

CVE-2025-11170

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8 CVSS, 0.00565 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2025/11/11 3:30 a.m., 5 views

CVE-2025-11170 WP移行専用プラグイン for CPI <= 1.0.2 - Unauthenticated Arbitrary File Upload

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8 CVSS, 7.2 AI score, 0.00565 EPSS
Exploits: 1, References: 2

CNVD
added 2025/10/21 12:0 a.m., 1 views

WordPress Demo Import Kit plugin Arbitrary File Upload Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress Demo Import Kit plugin, which stems from a lack of file type validation in the import function and can be exploite...

7.2 CVSS, 8.2 AI score, 0.00384 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/19 9:30 p.m., 2 views

EUVD-2025-35008

A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and...

5.8 CVSS, 7 AI score, 0.00053 EPSS
Exploits: 1, References: 7

Cvelist
added 2025/10/19 8:2 p.m., 10 views

CVE-2025-11944 givanz Vvveb Raw SQL import.php import sql injection

A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and...

5.8 CVSS, 0.00053 EPSS
Exploits: 1, References: 7

CNNVD
added 2025/10/19 12:0 a.m., 2 views

Vvveb SQL Injection Vulnerability

Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. A SQL injection vulnerability exists in Vvveb 1.0.7.3 and earlier versions, which stems from a SQL injection vulnerability in the Import function of the Raw SQL Handler...

7.2 CVSS, 5.7 AI score, 0.00053 EPSS
Exploits: 1, References: 6

CNNVD
added 2025/10/15 12:0 a.m., 1 views

WordPress plugin Demo Import Kit Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress Demo Import Kit plugin, which stems from a lack of file type validation in the import function and can be exploite...

7.2 CVSS, 8 AI score, 0.00384 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-4461

Malware in sbrugna...

9.8 CVSS, 9.5 AI score, 0.00411 EPSS
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-12719

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.00317 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-34945

Malicious code in bioql PyPI...

6.9 CVSS, 6.8 AI score, 0.00118 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-41107

Malicious code in bioql PyPI...

6.1 CVSS, 6.4 AI score, 0.00247 EPSS
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-34944

Malicious code in bioql PyPI...

8.2 CVSS, 8.1 AI score, 0.00602 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-15633

Malicious code in bioql PyPI...

5.5 CVSS, 6.2 AI score, 0.00131 EPSS
Exploits: 1, References: 6

RedhatCVE
added 2025/09/19 6:25 a.m., 7 views

CVE-2025-9216

The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import function in all versions up to, and including, 1.5.0. This makes it possible for...

8.8 CVSS, 7.3 AI score, 0.00703 EPSS
Exploits: 1, References: 1

NVD
added 2025/09/17 7:15 a.m., 7 views

CVE-2025-9216

The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import function in all versions up to, and including, 1.5.0. This makes it possible for...

8.8 CVSS, 0.00703 EPSS
Exploits: 1, References: 5

Cvelist
added 2025/09/17 6:17 a.m., 13 views

CVE-2025-9216 StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload

The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import function in all versions up to, and including, 1.5.0. This makes it possible for...

8.8 CVSS, 0.00703 EPSS
Exploits: 1, References: 5

CVE
added 2025/09/17 6:17 a.m., 21 views

CVE-2025-9216

CVE-2025-9216 affects StoreEngine WordPress plugin versions up to 1.5.0. The vulnerability arises from an unauthenticated/file-type validation gap in the storeengine_csv/import AJAX action: uploaded files are moved to a server directory after only filename sanitization, enabling arbitrary file up...

8.8 CVSS, 6.9 AI score, 0.00703 EPSS
Exploits: 1, References: 5

CNNVD
added 2025/09/17 12:0 a.m., 7 views

WordPress plugin StoreEngine Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

8.8 CVSS, 7.6 AI score, 0.00703 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2025/09/17 12:0 a.m., 8 views

PT-2025-38123

Name of the Vulnerable Software and Affected Versions: StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More versions prior to 1.5.1
Description: The StoreEngine WordPress plugin is susceptible to arbitrary file uploads due to the absence of file ty...

8.8 CVSS, 7.7 AI score, 0.00703 EPSS
Exploits: 1, References: 10

NVD
added 2025/09/01 11:15 p.m., 3 views

CVE-2025-9800

A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricte...

6.5 CVSS, 0.00091 EPSS
Exploits: 1, References: 7