CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVE-2026-1555 WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...

PT-2025-48108

Name of the Vulnerable Software and Affected Versions DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30 through 7000 Description An unauthenticated arbitrary file upload issue exists in the /var/tdf/patch contents.php endpoint of the software. The endpoint lacks file type...

WordPress Smart Auto Upload Images plugin Arbitrary File Upload Vulnerability

WordPress Smart Auto Upload Images plugin is a WordPress plugin that is mainly used to automatically upload and manage images. WordPress Smart Auto Upload Images plugin has an arbitrary file upload vulnerability that stems from a lack of file type validation, which can be exploited by an attacker...

WordPress plugin DocoDoco Store Locator 代码问题漏洞

WordPress DocoDoco Store Locator plugin is a WordPress plugin for creating a store locator page in your website that displays information about nearby stores via Google Maps. The WordPress DocoDoco Store Locator plugin suffers from an arbitrary file upload vulnerability that stems from a lack of...

Dongsheng Logistics Software 安全漏洞

Dongsheng Logistics Software is a logistics management system from Dongsheng, China. A security vulnerability exists in Dongsheng Logistics Software that originates from the /CommMng/Print/UploadMailFile endpoint that does not validate the file type, which could lead to remote code execution...

WordPress plugin Import Export Suite for CSV and XML Datafeed 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

CVE-2024-8480

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirvsavepreventedsizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with...

PT-2021-3982 · WordPress · Woocommerce Stock Manager

Name of the Vulnerable Software and Affected Versions: WooCommerce Stock Manager versions up to, and including, 2.5.7 Description: The issue is related to the implementation of the import/export functionality in the WooCommerce Stock Manager plugin for WordPress, specifically in the...