CVE-2025-12682 Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...
EUVD-2015-9179
Malware in sbrugna...
EUVD-2022-2176
Malicious code in bioql PyPI...
EUVD-2024-3199
Malicious code in bioql PyPI...
EUVD-2024-49481
Malicious code in bioql PyPI...
CVE-2024-8743
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for...
CVE-2025-46654
CVE-2025-46654 affects CodiMD up to version 2.2.0, where a CSP-based XSS protection can be bypassed by uploading an HTML file that references an uploaded JavaScript file. Documented impact is cross-site scripting due to this bypass; the vulnerability applies to 2.2.0 and earlier. No exploit detai...
CVE-2024-8918
The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, ...
Exploit for CVE-2024-8743
CVE-2024-8743 PoC Background Proof-of-Concept script for...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization, allowing an attacker to upload a JavaScript file with a malicious script, which executes when referenced in an HTML file, potentially leading to the theft of...
CVE-2024-8918 File Manager Pro <= 8.3.9 - Unauthenticated Limited JavaScript File Upload
The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, ...
CVE-2024-8918
CVE-2024-8918 affects the File Manager Pro WordPress plugin up to version 8.3.9. Root cause: insufficient checks on allowed file types permit unauthenticated attackers (with admin-granted permissions) to upload .css/.js files, enabling Stored Cross-Site Scripting. Impact: potential data/website s...
CVE-2024-8743 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for...
CVE-2024-8743
The Bit File Manager for WordPress plugin is vulnerable to Limited JavaScript File Upload in all versions up to and including 6.5.7 due to insufficient file-type validation. Authenticated attackers with Subscriber-level access (and above) can upload .css/.js files, enabling Stored Cross-Site Scri...
Hardcoded credentials
Plane version 0.7.1-dev allows an attacker to change the avatar of their own profile, which allows uploading files with an HTML extension that are interpreted as both HTML and JavaScript...
memos cross-site scripting vulnerability
memos is an open source hosted memos center with knowledge management and social features. Versions of memos prior to 0.10.0 suffer from a cross-site scripting vulnerability that stems from the fact that its resource upload feature does not restrict the type of file that can be uploaded leading t...
CVE-2020-26583
An issue was discovered in Sage DPW 202006x before 202006002. It allows unauthenticated users to upload JavaScript in a file via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include...