2117 matches found
CVE-2025-2328
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...
CVE-2025-2328 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dndremoveuploadedfiles' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated...
CVE-2025-2328
Technical details for CVE-2025-2328 are not provided in the connected documents. Monitor for official updates on affected products, root cause, impact, and remediation.
PT-2025-13443 · WordPress · Drag/Drop Multiple File Upload – Contact Form 7 +2
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress versions up to, and including, 1.3.8.7
Description: The issue is related to insufficient file path validation in the dnd remove uploaded files function, allowing...
CVE-2025-1911
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.5.0. This makes it possible for authenticated...
Path Traversal
agentscope is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the save-workflow and load-workflow functionality, allowing an attacker to read and write arbitrary JSON files on the filesystem...
WordPress plugin Product Import Export for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
CVE-2024-13922
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with...
CVE-2025-1972
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2024-8958
In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution...
CVE-2025-1972
CVE-2025-1972 affects the WordPress plugin Export and Import Users and Customers (versions
WordPress plugin Export and Import Users and Customers security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2025-12479 · WordPress · Export/Import Users/Customers
Name of the Vulnerable Software and Affected Versions: Export and Import Users and Customers plugin for WordPress versions prior to 2.6.3
Description: The issue is related to insufficient file path validation in the admin log page function, allowing authenticated attackers with Administrator-leve...
CVE-2025-0694
Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access...
GHSA-H254-G997-685C FastChat Server-Side Request Forgery vulnerability
A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...
CVE-2024-11449
A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...
CVE-2025-0694 CODESYS Control V3 removable media path traversal
Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access...