422 matches found
CVE-2025-10380
The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. This is due to insufficient input sanitization and lack of access control when processing custom Twig templates in the Mod...
CVE-2025-10143
The Catch Dark Mode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0 via the 'catchdarkmode' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on t...
CVE-2025-10050
The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabled_loggers parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...
CVE-2025-10050
The CVE-2025-10050 issue affects the WordPress plugin Developer Loggers for Simple History (versions up to 0.5). The underlying flaw is a Local File Inclusion via the enabled_loggers parameter, exploitable by authenticated attackers with Administrator-level access or higher to include and execute...
CVE-2025-10143 Catch Dark Mode <= 2.0 - Authenticated (Contributor+) Local File Inclusion
The Catch Dark Mode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0 via the 'catchdarkmode' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on t...
PT-2025-38096
Name of the Vulnerable Software and Affected Versions: Developer Loggers for Simple History plugin for WordPress versions prior to 0.6 Description: The Developer Loggers for Simple History plugin for WordPress is susceptible to a Local File Inclusion issue via the enabled loggers parameter. This...
PT-2025-38097
Name of the Vulnerable Software and Affected Versions: Catch Dark Mode plugin for WordPress versions up to and including 2.0 Description: The Catch Dark Mode plugin for WordPress is susceptible to a Local File Inclusion issue via the catch dark mode shortcode. This allows authenticated attackers...
CVE-2025-10269
The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the executi...
Linux Distros Unpatched Vulnerability : CVE-2021-33816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shellexe...
CVE-2025-9990
The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.8.10 via the portaltype parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the...
CVE-2012-10062
A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits...
CVE-2014-125113
An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the downloadagent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible...
CVE-2025-50286
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...
CVE-2018-25114 osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can...
CVE-2025-34111
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector connector.minimal.php, which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The...
CVE-2025-34083
An unrestricted file upload vulnerability exists in the WordPress AIT CSV Import/Export plugin ≤ 3.0.3. The plugin exposes an upload handler at upload-handler.php that allows arbitrary file upload via a multipart/form-data POST request. This endpoint does not enforce authentication or content-typ...
CVE-2025-6746
The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server,...
PT-2025-28334 · WordPress · Widgets For Google Reviews
Name of the Vulnerable Software and Affected Versions: The Widget for Google Reviews plugin for WordPress versions up to, and including, 1.0.15 Description: The issue allows authenticated attackers with Subscriber-level access and above to include and execute arbitrary PHP files on the server via...