9 matches found
CVE-2026-2028 Maxi Blocks <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion via 'old_media_src' Parameter
The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxiremovecustomimagesize' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-leve...
CVE-2025-34435
AVideo
EUVD-2024-31885
Malicious code in bioql PyPI...
CVE-2024-1170
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handledeletedmedia function in all versions up to, and including,...
CVE-2024-3295 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profilepicremove function in versions up to, and including, 3.1.5. This makes it possible for...
CVE-2024-1170
The CVE-2024-1170 entry concerns the BuddyForms (Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions) WordPress plugin. A missing capability check in the handle_deleted_media function allows unauthenticated attackers to delete arbitrary med...
WordPress Plugin buddyforms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2023-0291 Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...
WordPress WP Ultimate CSV Importer plugin <= 6.4 - Arbitrary Media File Deletion vulnerability
Arbitrary Media File Deletion vulnerability restricted to the uploads folder of the current year/month discovered in WordPress WP Ultimate CSV Importer plugin versions = 6.4. Solution Update the WordPress WP Ultimate CSV Importer plugin to the latest available version at least 6.4.1...