2110 matches found
CVE-2025-6439
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. Th...
CVE-2025-6439
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. Th...
CVE-2025-6439
The CVE-2025-6439 case concerns the WooCommerce Designer Pro plugin for WordPress (used with Pricom theme). The vulnerability is an unauthenticated arbitrary file deletion due to insufficient file path validation in the wcdp_save_canvas_design_ajax function, affecting versions up to 1.9.26. Conne...
PT-2025-41674
Name of the Vulnerable Software and Affected Versions WooCommerce Designer Pro versions through 1.9.26 Description The WooCommerce Designer Pro plugin for WordPress is affected by an arbitrary file deletion issue. Insufficient file path validation in the wcdp save canvas design ajax function allo...
GHSA-J44M-5V8F-GC9C Flowise is vulnerable to arbitrary file exposure through its ReadFileTool
Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...
CVE-2025-7526 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion via renaming due to insufficient file path validation in the setuserprofileimage function in all versions up to, and including, 6.6.7. This makes it possible for...
CVE-2025-10494
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated attackers, with...
CVE-2025-10494 Motors – Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated attackers, with...
CVE-2025-10494
CVE-2025-10494 affects the Motors – Car Dealership & Classified Listings Plugin for WordPress (versions up to 1.4.89). The root cause is insufficient validation of file paths when deleting profile pictures, allowing an authenticated attacker with Subscriber-level access or higher to delete arbitr...
WordPress plugin Motors – Car Dealership & Classified Listings 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...
EUVD-2017-0068
Malware in sbrugna...
EUVD-2019-16833
Malware in sbrugna...
EUVD-2017-17151
Malware in sbrugna...
EUVD-2021-2484
Malware in sbrugna...
EUVD-2018-14221
Malware in sbrugna...
EUVD-2018-11750
Malware in sbrugna...
EUVD-2019-9221
Malware in sbrugna...
EUVD-2019-6022
Malware in sbrugna...
EUVD-2019-10034
Malware in sbrugna...
EUVD-2018-6679
Malware in sbrugna...