25 matches found
CVE-2026-11962
The FileOrganizer WordPress plugin before 1.2.0 does not validate file types on several file-management operations, enabling authenticated users with file-manager access — extended to sub-administrator roles via the premium add‑on — to upload arbitrary PHP files and achieve remote code execution....
CVE-2026-11962
The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...
EUVD-2012-6361
Malware in sbrugna...
EUVD-2012-6362
Malware in sbrugna...
CVE-2021-24890
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a...
CVE-2024-6810 Quiz Organizer <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web...
WordPress plugin Quiz Organizer 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-16699 · WordPress · Fileorganizer
Name of the Vulnerable Software and Affected Versions: FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.1.4 Description: The issue allows authenticated attackers with Administrator-level access and above to include and execute arbitrary file...
CVE-2024-7985
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizerajaxhandler" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with...
CVE-2024-5599
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizerajaxhandler' function. This makes it possible for unauthenticated attackers to extract sensitive data...
CVE-2024-2324
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...
PT-2024-19734 · WordPress · The Fileorganizer – Manage Wordpress/Website Files
Name of the Vulnerable Software and Affected Versions: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.0.6 Description: The issue is related to Stored Cross-Site Scripting via svg file upload due to insufficient input sanitization and...
WordPress font-organizer plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports personal blog sites on servers running PHP and MySQL.WordPress Donation Plugin and Fundraising Platform is a plugin.... A cross-site scripting vulnerability exists in the WordPress font-organize...
CVE-2019-9908
The CVE-2019-9908 entry concerns the WordPress Font Organizer plugin (version
CVE-2012-6511
Multiple cross-site scripting XSS vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 deleteid parameter or 2 extension parameter in an "Update Setting" action to wp-admin/admin.php...
CVE-2012-6512
The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to 1 pluginhook.php, 2 page/index.php, 3 page/dir.php 4 page/options.php, 5 page/resize.php, 6 page/upload.php, 7 page/users.php, or 8 page/view.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 deleteid parameter or 2 extension parameter in an "Update Setting" action to wp-admin/admin.php...
CVE-2012-6511
Multiple cross-site scripting XSS vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 deleteid parameter or 2 extension parameter in an "Update Setting" action to wp-admin/admin.php...
CVE-2012-6511
CVE-2012-6511 affects the WordPress plugin Organizer (version 1.2.1) and is caused by multiple XSS vulnerabilities in organizer/page/users.php. An attacker can inject arbitrary JavaScript/HTML via the delete_id or extension parameter in an Update Setting action to wp-admin/admin.php, enabling rem...
CVE-2012-6512
CVE-2012-6512 affects the WordPress Organizer plugin v1.2.1, where remote attackers can retrieve the installation path via unspecified vectors targeting multiple pages (plugin_hook.php, page/index.php, page/dir.php, page/options.php, page/resize.php, page/upload.php, page/users.php, page/view.php...