17 matches found
WordPress plugin Orderable security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2024-54192
An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpeditdltgetplugin function at src/tcpedit/plugins/dltutils.c...
EUVD-2020-13278
Malware in sbrugna...
WordPress plugin Optimize More! – CSS cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin Optimize...
CVE-2025-10690
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplusimportpackinstallplugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers...
PT-2025-34189
Name of the Vulnerable Software and Affected Versions: Inspiro theme for WordPress versions prior to 2.1.3 Description: The Inspiro theme for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the inspiro install plugin function. This allows...
CVE-2025-8418
CVE-2025-8418 : B Slider – Gutenberg Slider Block for WP (WordPress) is vulnerable up to version 1.1.30 due to missing capability checks on the activated_plugin function. Authenticated users with subscriber-level access or higher can install arbitrary plugins, potentially enabling remote code exe...
CVE-2024-52958 iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature
An improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function...
CVE-2023-46468
An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function...
Design/Logic Flaw
An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function...
PT-2023-30037 · Unknown · Juzawebcms
Name of the Vulnerable Software and Affected Versions: juzawebCMS versions 3.4 and earlier Description: An issue in the software allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. This enables the attacker to potentially gain control over the...
The vulnerability of the uninstallPluginReqHandle function in TP-LINK’s router software TL-WR886N allows a hacker to execute arbitrary code.
The vulnerability of the uninstallPluginReqHandle function in TP-LINK’s TL-WR886N router software lies in the reading of data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2019-25151 Funnel Builder <= 1.3.0 - Arbitrary Plugin Activation
The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activateplugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service...
CVE-2020-19028
File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function...
CVE-2022-47766
PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability...
Privilege escalation
PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability...
Pegasus CMS 1.0 Remote Code Execution
Exploit Title: Pegasus extrafields.php Plugin Remote Code Execution Date: 14 March 2019 Exploit Author: R3zk0n Vendor Homepage: https://www.wisdom.com.au/web/pegasus-cms Software Link: N/A Version: 1.0 Tested on: Linux CVE : N/A The Pegasus CMS is vulnerable to directory traversal and Remote cod...