CVE-2018-25335

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

CVE-2018-25335 WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to...

EUVD-2025-6443

Malicious code in bioql PyPI...

EUVD-2024-50675

Malicious code in bioql PyPI...

CVE-2025-8559

The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which c...

WordPress Netease Music plugin <= 3.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Netease Music versions = 3.2.1...

CVE-2025-2103

The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusicajax function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with...

CVE-2025-2103

CVE-2025-2103 – SoundRise Music (WordPress) Vulnerability exists in SoundRise Music plugin for WordPress (all versions &lt;= 1.6.11). A missing capability check in onMusic_ajax() allows authenticated users with subscriber-level access and above to modify arbitrary options, enabling privilege esca...

WordPress plugin SoundRise Music 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-12202

The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusicajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with...

WordPress Croma Music plugin <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax vulnerability

Authenticated Subscriber+ Arbitrary Options Update in ironMusicajax vulnerability discovered by Tonn in WordPress Plugin Croma Music versions = 3.6...

CVE-2024-12202

The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusicajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with...

CVE-2024-12202

CVE-2024-12202 affects the Croma Music plugin for WordPress (

CVE-2024-12202 Croma Music <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax

The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusicajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with...

Wordpress Sonaar Music Plugin 4.7 - Stored XSS

Exploit Title: Wordpress Sonaar Music Plugin 4.7 - Stored XSS Date: 2023-09-05 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/wp/wordpress/wp-comments-post.php Version: 4.7 REQUIRED Tested on: Windows/Linux...

CVE-2022-29412

Multiple Cross-Site Request Forgery CSRF vulnerabilities in Hermit 音乐播放器 plugin = 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source...

Wordpress Peugeot Music Plugin Arbitrary File Upload Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in version 1.0 of the Wordpress Peugeot Music plugin, which can be exploited by...

Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability

No description provided by source. Exploit Title: Social Engine 4.x Music Plugin Arbitrary File Upload Google Dork: inurl:user/auth/forgot Date: 22/12/2010 Author: MyDoom Moroccan Hacker Contact: [email protected] Software Link: http://http://www.socialengine.net Version: Social Engine 4.x...

Social Engine 4.x &#40;Music Plugin&#41; Arbitrary File Upload Vulnerability

Exploit Title: Social Engine 4.x Music Plugin Arbitrary File Upload Google Dork: inurl:"user/auth/forgot" Date: 22/12/2010 Author: MyDoom Moroccan Hacker Contact: [email protected] Software Link: http://http://www.socialengine.net Version: Social Engine 4.x should work on previous versions but...

Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Social Engine 4.x Music Plugin Arbitrary File Upload Google Dork: inurl:"user/auth/forgot" Date: 22/12/2010 Author: MyDoom Moroccan Hacker Contact: email protected Software Link: http://http://www.socialengine.net Version: Socia...