220 matches found
CVE-2025-11456
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ehcrmnewticketpost function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload...
WordPress plugin Vitepos 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
WordPress plugin Flo Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
PT-2025-47711
Name of the Vulnerable Software and Affected Versions Vitepos – Point of Sale POS for WooCommerce versions up to and including 3.3.0 Description The Vitepos – Point of Sale POS for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation with...
CVE-2025-41735
A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution...
CVE-2025-41735 Possible arbitrary file upload
A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution...
CVE-2025-41735 Possible arbitrary file upload
A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution...
CVE-2025-41735
CVE-2025-41735 affects METZ CONNECT EWIO2-M, EWIO2-M-BM, and EWIO2-BM devices. A low-privilege, unauthenticated remote attacker can upload arbitrary files to arbitrary locations due to missing file checks, potentially enabling remote code execution. The incident is corroborated by multiple source...
PT-2025-47292
Name of the Vulnerable Software and Affected Versions affected versions not specified Description A low privileged remote attacker can upload any file to an arbitrary location due to a missing file check, potentially leading to remote code execution. The issue allows for unrestricted file uploads...
WordPress plugin Gravity Forms 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
CVE-2025-11170
CVE-2025-11170 concerns the WP移行専用プラグイン for CPI (WordPress) up to version 1.0.2, where missing file type validation in Cpiwm_Import_Controller::import allows unauthenticated uploads of arbitrary files. The consequence stated across sources is potential remote code execution on the affected site, ...
CVE-2025-11967 Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcontactattributeimport function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above...
CVE-2025-12352
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...
PT-2025-45561
Name of the Vulnerable Software and Affected Versions Mail Mint plugin for WordPress versions prior to 1.18.11 Description The Mail Mint plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the process contact attribute import function. Th...
CVE-2025-12674
The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the createmedia function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server...
CVE-2025-12674 KiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File Upload
The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the createmedia function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server...
CVE-2025-12674
KiotViet Sync plugin for WordPress (versions <= 1.8.5) is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in create_media(). This can allow uploading arbitrary files to the server and may enable remote code execution. A GitHub exploit exists (CVE-2025-1...
CVE-2025-12171
CVE-2025-12171 concerns the WordPress RESTful Content Syndication plugin (versions 1.1.0–1.5.0). The vulnerability is an arbitrary file upload flaw caused by missing file-type validation in ingest_image(), allowing authenticated attackers with Author-level access (or higher) to upload arbitrary f...
CVE-2025-11889
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.18. This makes it possible for authenticated attackers, with Administrator-level access...
CVE-2025-6440 WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. This mak...