WordPress plugin Bei Fen 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The ordPress Bei Fen plugin has a file inclusion vulnerability that stems from not doing effective filtering of local file resource calls, which can be exploited by an attacker ...

CVE-2025-10380

The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. This is due to insufficient input sanitization and lack of access control when processing custom Twig templates in the Mod...

CVE-2025-34205

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 VA and SaaS deployments contains dangerous PHP dead code present in multiple Docker-hosted PHP instances. A script named /var/www/app/resetroot.php found in several containers...

CVE-2009-20006

osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility admin/filemanager.php. The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to...

CVE-2009-20006 osCommerce <= 2.2 Admin File Manager Arbitrary PHP Code Execution

osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility admin/filemanager.php. The interface allows file uploads and edits without sufficient input validation or access control. An unauthenticated attacker can craft a POST request to...

CVE-2025-10269

CVE-2025-10269 concerns the Spirit Framework WordPress plugin (

CVE-2025-8417

The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is due to reliance on a guessable numeric token e.g. ?key= 900001705 without proper authentication, combined with the unsafe use of eval on...

CVE-2025-9874 Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwpdashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

CVE-2025-8417 Catalog Importer, Scraper & Crawler <= 5.1.4 - Unauthenticated PHP Code Injection

The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is due to reliance on a guessable numeric token e.g. ?key= 900001705 without proper authentication, combined with the unsafe use of eval on...

CVE-2025-10246

A weakness has been identified in lokibhardwaj PHP-Code-For-Unlimited-File-Upload up to 124fe96324915490c81eaf7db3234b0b4e4bab3c. This affects an unknown part of the file /f.php. This manipulation of the argument h causes cross site scripting. Remote exploitation of the attack is possible. The...

PT-2025-37113

Name of the Vulnerable Software and Affected Versions: lokibhardwaj PHP-Code-For-Unlimited-File-Upload versions up to 124fe96324915490c81eaf7db3234b0b4e4bab3c Description: A weakness exists in the file /f.php within the software. Manipulation of the argument h can lead to cross-site scripting...

PT-2025-37159

Name of the Vulnerable Software and Affected Versions: The Ultimate Classified Listings plugin for WordPress versions up to and including 1.6 Description: The Ultimate Classified Listings plugin for WordPress is susceptible to Local File Inclusion via the uclwp dashboard shortcode. Authenticated...

Linux Distros Unpatched Vulnerability : CVE-2020-18185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment. CVE-2020-18185 Note th...

Linux Distros Unpatched Vulnerability : CVE-2015-8832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with manage their own medi...

Linux Distros Unpatched Vulnerability : CVE-2023-4197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper input validation in Dolibarr ERP CRM = v18.0.1 fails to strip certain PHP code from user- supplied input when creating a Website, allowing an attacker ...

CVE-2025-9990 WordPress Helpdesk Integration <= 5.8.10 - Unauthenticated Local File Inclusion

The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.8.10 via the portaltype parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the...

CVE-2025-52353

An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload,...

CVE-2012-10062

A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits...

Linux Distros Unpatched Vulnerability : CVE-2016-7980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site request forgery CSRF vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of...

VulnCheck KEV: CVE-2024-9193

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...