EUVD-2025-198389

The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the wpaguploadaudiocallback AJAX handler not properly validating user-supplied file paths in the audioupload...

WordPress plugin WP AUDIO GALLERY 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-47703

Name of the Vulnerable Software and Affected Versions WP AUDIO GALLERY plugin for WordPress versions prior to 2.1 Description The WP AUDIO GALLERY plugin for WordPress is susceptible to arbitrary file deletion. This is caused by inadequate file path validation within the wpag uploadaudio callback...

BASIS BBj 安全漏洞

BASIS BBj is a language environment from BASIS, Inc. A security vulnerability exists in BASIS BBj versions prior to 25.00 that stems from not properly validating or normalizing input path segments, which could lead to a directory traversal attack...

aap-gateway: Improper Path Validation in Gateway Allows Credential Exfiltration

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

WordPress Data Tables Generator by Supsystic plugin Arbitrary File Deletion Vulnerability

WordPress Data Tables Generator by Supsystic plugin is WordPress plugin for creating interactive tables and charts that support data visualization and dynamic content presentation. WordPress Data Tables Generator by Supsystic plugin has an arbitrary file deletion vulnerability that stems from...

EUVD-2025-197809

PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations...

CVE-2025-63918

PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations...

CVE-2025-63918

CVE-2025-63918 affects the PDFPatcher executable. The root cause is insufficient validation of user-supplied file paths, enabling directory traversal attacks that allow attackers to upload arbitrary files to arbitrary locations. The entry notes a local attack vector with low complexity and high i...

PDFPatcher 安全漏洞

PDFPatcher is a PDF toolkit for WMJ individual developers. A security vulnerability exists in PDFPatcher that stems from insufficient file path validation and could lead to a directory traversal attack...

CVE-2025-12494

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaximportfile function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level...

CVE-2025-12494

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaximportfile function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level...

CVE-2025-12494

CVE-2025-12494 affects the WordPress plugin Image Gallery – Photo Grid & Video Gallery (modula-best-grid-gallery) up to version 2.12.28. The flaw arises from insufficient file path validation in the ajax_import_file function, allowing an authenticated attacker with author-level access (or higher)...

CVE-2025-12494 Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaximportfile function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level...

PT-2025-47040

Name of the Vulnerable Software and Affected Versions The Image Gallery – Photo Grid & Video Gallery versions prior to 2.12.29 Description The Image Gallery – Photo Grid & Video Gallery plugin for WordPress has a flaw that allows for the deletion of arbitrary files. This is due to inadequate...

WordPress plugin Image Gallery – Photo Grid & Video Gallery 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. An authorization issue...

CVE-2025-12089 Data Tables Generator by Supsystic <= 1.10.45 - Authenticated (Admin+) Arbitrary File Deletion

The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cleanCache function in all versions up to, and including, 1.10.45. This makes it possible for authenticated attackers, with Administrator-level acce...

PT-2025-46777

Name of the Vulnerable Software and Affected Versions Data Tables Generator by Supsystic plugin for WordPress versions through 1.10.45 Description The Data Tables Generator by Supsystic plugin for WordPress has a flaw that allows authenticated attackers with Administrator-level access or higher t...

CVE-2025-12092

The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...

CVE-2025-12000

The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnldeletelog function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete...