15 matches found
PT-2026-1424
Name of the Vulnerable Software and Affected Versions MasterStudy LMS WordPress Plugin versions through 3.7.6 Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is susceptible to unauthorized modification and deletion of data. This is due to a...
CVE-2025-11363 Royal Elementor Addons and Templates < 1.7.1037 - Unauthenticated Media File Upload
The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpraddonsuploadfile action...
CVE-2025-11363
The CVE-2025-11363 entry concerns the WordPress plugin Royal Addons for Elementor (Royal Elementor Addons and Templates). Multiple connected sources confirm a vulnerability where the plugin versions up to 1.7.1036 lack proper authorization, allowing unauthenticated users to upload media files via...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS from Givan Personal Developers for building websites, blogs or e-commerce stores. A security vulnerability exists in Vvveb version 1.0.7.2 and earlier, which stems from the incorrect operation of the parameter files in the /system/traits/media.php file...
CVE-2024-53923
CVE-2024-53923 – Centreon Web : Multiple sources (Red Hat, Snyk, CVE listings, PT Security, etc.) confirm a SQL injection in the media-upload form that can be triggered by a user with high privileges. Affected versions include Centreon Web 23.04.x (to 23.04.23), 23.10.x (to 23.10.18), 24.04.x (to...
CVE-2023-2751 Upload Resume <= 1.2.0 - Captcha Bypass
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resumeuploadform shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site...
HorizontCMS Code Issues Vulnerabilities
HorizontCMS is a customer relationship management web platform for individual developers. A security vulnerability exists in HorizontCMS before 1.0.0-beta.3, which can be exploited by attackers to upload .htaccess and .hello files by using the media file upload feature...
CVE-2018-20791
CVE-2018-20791 affects tecrail Responsive FileManager 9.13.4. The issue is an XSS via a media file upload, caused by mishandling of the media_preview action, allowing an attacker to inject script/HTML through the filename. Connected sources confirm the product/version and the vulnerability class;...
Server side request forgery (ssrf)
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address...
CVE-2017-5518
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address...
CVE-2017-5518
GeniXCMS media-file upload feature up to version 0.0.8 is affected by an SSRF vulnerability. The issue arises when the upload mechanism processes a URL, enabling remote attackers to fetch internal network resources (e.g., intranet addresses). The CVE description consistently states SSRF via a URL...
CVE-2017-5518
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address...
CVE-2016-6483
The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote...
CVE-2016-6483
The CVE-2016-6483 issue in vBulletin enables remote SSRF via the media-file upload feature, where a crafted URL can trigger a redirection HTTP response. Affected versions include 3.8.x up to 3.8.7 Patch Level 6, 3.8.8 up to Patch Level 2, 3.8.9 up to Patch Level 1, 4.x up to 4.2.2 Patch Level 6, ...
Fast Free Media 1.3 Adult Site Shell Upload
======================================================================================== | Title : Fast Free Media V 1.3 Adult Site Upload Shell Exploiot | Author : indoushka | email : [email protected] | Home : www.iqs3cur1ty.com | Script : Powered by FastFreeMedia.com All Videos Copyright ©...