Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/10/09 4:14 a.m.5 views

CVE-2025-10494

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated attackers, with...

8.1CVSS7.3AI score0.0046EPSS
Exploits0References1
CVE
CVE
added 2025/10/08 3:31 a.m.17 views

CVE-2025-10494

CVE-2025-10494 affects the Motors – Car Dealership & Classified Listings Plugin for WordPress (versions up to 1.4.89). The root cause is insufficient validation of file paths when deleting profile pictures, allowing an authenticated attacker with Subscriber-level access or higher to delete arbitr...

8.1CVSS6.9AI score0.0046EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.3 views

WordPress plugin Motors – Car Dealership & Classified Listings 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...

8.1CVSS7.6AI score0.0046EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.6 views

PT-2025-41219

Name of the Vulnerable Software and Affected Versions The Motors – Car Dealership & Classified Listings Plugin versions prior to 1.4.89 Description The software is susceptible to arbitrary file deletion because of inadequate file path validation when deleting profile pictures. An authenticated...

8.1CVSS7.7AI score0.0046EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-24671

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00618EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/05/16 2:30 p.m.35 views

CVE-2022-1349 WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

5AI score0.00618EPSS
Exploits1References1
Patchstack
Patchstack
added 2022/04/21 12:0 a.m.40 views

WordPress WPQA - Builder forms Addon plugin < 5.2 - Arbitrary Profile Picture Deletion via IDOR vulnerability

Arbitrary Profile Picture Deletion via IDOR vulnerability discovered by Binit Ghimire in WordPress WPQA - Builder forms Addon plugin versions 5.2. Solution Update the WordPress WPQA - Builder forms Addon plugin to the latest available version at least 5.2...

4.3CVSS4.1AI score0.00618EPSS
Exploits1References3Affected Software1
Huntr
Huntr
added 2021/08/04 9:54 a.m.4 views

Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin

✍️ Description Attacker able to delete any local picture with CSRF attack. It does not matter at all that phproject run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of filebrowser application. It does...

2AI score
Exploits0
CNVD
CNVD
added 2019/07/23 12:0 a.m.3 views

Arbitrary File Deletion Vulnerability in ShyPost Enterprise Management System

ShyPost Enterprise Management System is a set of intelligent ASP-based website building software. ShyPost Enterprise Management System has an arbitrary file deletion vulnerability, the vulnerability stems from the management of the back-end of the deletion of the picture, did not limit the...

7AI score
Exploits0
CVE
CVE
added 2019/02/23 7:0 p.m.44 views

CVE-2019-9052

Pluck CMS 4.7.9-dev1 is affected by a CSRF vulnerability that enables an attacker to delete images via the URI /admin.php?action=deleteimage&var1=. This is documented across multiple sources (e.g., CVE-2019-9052, CNVD-2019-05783) indicating an unauthenticated or cross-site request scenario where ...

6.5CVSS6.4AI score0.00556EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2010/04/24 12:0 a.m.23 views

Memorial Web Site Script Arbitrary Deletion

----------------------------------------------------------------------------------------- Memorial Web Site Script Multiple Arbitrary Delete Vuln ----------------------------------------------------------------------------------------- Author : Chip D3 Bi0s Email : chipdebiosalt+64gmail.com Where...

0.3AI score
Exploits0
Rows per page
Query Builder