Lucene search
K

220 matches found

NVD
NVD
added 2025/11/21 8:15 a.m.5 views

CVE-2025-11456

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ehcrmnewticketpost function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload...

9.8CVSS0.00642EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.5 views

WordPress plugin Vitepos 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

8.8CVSS6.7AI score0.006EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.6 views

WordPress plugin Flo Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

7.1CVSS5.8AI score0.00267EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.9 views

PT-2025-47711

Name of the Vulnerable Software and Affected Versions Vitepos – Point of Sale POS for WooCommerce versions up to and including 3.3.0 Description The Vitepos – Point of Sale POS for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation with...

8.8CVSS8AI score0.006EPSS
Exploits0References12
OSV
OSV
added 2025/11/18 11:15 a.m.5 views

CVE-2025-41735

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution...

8.8CVSS6.3AI score0.00526EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/18 10:18 a.m.12 views

CVE-2025-41735 Possible arbitrary file upload

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution...

8.8CVSS0.00526EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/18 10:18 a.m.5 views

CVE-2025-41735 Possible arbitrary file upload

A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution...

8.8CVSS7.8AI score0.00526EPSS
Exploits0References1
CVE
CVE
added 2025/11/18 10:18 a.m.12 views

CVE-2025-41735

CVE-2025-41735 affects METZ CONNECT EWIO2-M, EWIO2-M-BM, and EWIO2-BM devices. A low-privilege, unauthenticated remote attacker can upload arbitrary files to arbitrary locations due to missing file checks, potentially enabling remote code execution. The incident is corroborated by multiple source...

8.8CVSS7.8AI score0.00526EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.4 views

PT-2025-47292

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A low privileged remote attacker can upload any file to an arbitrary location due to a missing file check, potentially leading to remote code execution. The issue allows for unrestricted file uploads...

8.8CVSS7.8AI score0.00526EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.7 views

WordPress plugin Gravity Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

8.1CVSS6.9AI score0.00598EPSS
Exploits0References4
CVE
CVE
added 2025/11/11 3:30 a.m.20 views

CVE-2025-11170

CVE-2025-11170 concerns the WP移行専用プラグイン for CPI (WordPress) up to version 1.0.2, where missing file type validation in Cpiwm_Import_Controller::import allows unauthenticated uploads of arbitrary files. The consequence stated across sources is potential remote code execution on the affected site, ...

9.8CVSS7.2AI score0.00699EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/08 9:28 a.m.19 views

CVE-2025-11967 Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload

The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the processcontactattributeimport function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above...

7.2CVSS0.00514EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/08 7:41 a.m.11 views

CVE-2025-12352

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

9.8CVSS7.5AI score0.00737EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/08 12:0 a.m.8 views

PT-2025-45561

Name of the Vulnerable Software and Affected Versions Mail Mint plugin for WordPress versions prior to 1.18.11 Description The Mail Mint plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the process contact attribute import function. Th...

7.2CVSS7.7AI score0.00514EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/11/06 7:54 a.m.25 views

CVE-2025-12674

The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the createmedia function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server...

9.8CVSS7.6AI score0.00771EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/11/05 7:27 a.m.6 views

CVE-2025-12674 KiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File Upload

The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the createmedia function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server...

9.8CVSS0.00771EPSS
Exploits2References2
CVE
CVE
added 2025/11/05 7:27 a.m.40 views

CVE-2025-12674

KiotViet Sync plugin for WordPress (versions &lt;= 1.8.5) is vulnerable to unauthenticated arbitrary file uploads due to missing file type validation in create_media(). This can allow uploading arbitrary files to the server and may enable remote code execution. A GitHub exploit exists (CVE-2025-1...

9.8CVSS7.2AI score0.00771EPSS
Exploits2References2
CVE
CVE
added 2025/11/01 6:40 a.m.15 views

CVE-2025-12171

CVE-2025-12171 concerns the WordPress RESTful Content Syndication plugin (versions 1.1.0–1.5.0). The vulnerability is an arbitrary file upload flaw caused by missing file-type validation in ingest_image(), allowing authenticated attackers with Author-level access (or higher) to upload arbitrary f...

8.8CVSS7.1AI score0.00493EPSS
Exploits0References2
NVD
NVD
added 2025/10/24 9:15 a.m.5 views

CVE-2025-11889

The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.18. This makes it possible for authenticated attackers, with Administrator-level access...

7.2CVSS0.00599EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/24 7:23 a.m.7 views

CVE-2025-6440 WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload

The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. This mak...

9.8CVSS7.5AI score0.31827EPSS
Exploits12References2
Rows per page
Query Builder