11 matches found
CVE-2025-10494
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated attackers, with...
CVE-2025-10494
CVE-2025-10494 affects the Motors – Car Dealership & Classified Listings Plugin for WordPress (versions up to 1.4.89). The root cause is insufficient validation of file paths when deleting profile pictures, allowing an authenticated attacker with Subscriber-level access or higher to delete arbitr...
WordPress plugin Motors – Car Dealership & Classified Listings 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...
PT-2025-41219
Name of the Vulnerable Software and Affected Versions The Motors – Car Dealership & Classified Listings Plugin versions prior to 1.4.89 Description The software is susceptible to arbitrary file deletion because of inadequate file path validation when deleting profile pictures. An authenticated...
EUVD-2022-24671
Malicious code in bioql PyPI...
CVE-2022-1349 WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...
WordPress WPQA - Builder forms Addon plugin < 5.2 - Arbitrary Profile Picture Deletion via IDOR vulnerability
Arbitrary Profile Picture Deletion via IDOR vulnerability discovered by Binit Ghimire in WordPress WPQA - Builder forms Addon plugin versions 5.2. Solution Update the WordPress WPQA - Builder forms Addon plugin to the latest available version at least 5.2...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker able to delete any local picture with CSRF attack. It does not matter at all that phproject run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of filebrowser application. It does...
Arbitrary File Deletion Vulnerability in ShyPost Enterprise Management System
ShyPost Enterprise Management System is a set of intelligent ASP-based website building software. ShyPost Enterprise Management System has an arbitrary file deletion vulnerability, the vulnerability stems from the management of the back-end of the deletion of the picture, did not limit the...
CVE-2019-9052
Pluck CMS 4.7.9-dev1 is affected by a CSRF vulnerability that enables an attacker to delete images via the URI /admin.php?action=deleteimage&var1=. This is documented across multiple sources (e.g., CVE-2019-9052, CNVD-2019-05783) indicating an unauthenticated or cross-site request scenario where ...
Memorial Web Site Script Arbitrary Deletion
----------------------------------------------------------------------------------------- Memorial Web Site Script Multiple Arbitrary Delete Vuln ----------------------------------------------------------------------------------------- Author : Chip D3 Bi0s Email : chipdebiosalt+64gmail.com Where...