PT-2026-36968
Name of the Vulnerable Software and Affected Versions: Geeky Bot versions prior to 1.2.3. Description: The Geeky Bot plugin for WordPress contains a missing authorization flaw. A nopriv AJAX route allows an attacker to control model/function dispatch, reaching a plugin installer helper that download...
maccms_pro Access Control Error Vulnerability
Maccmspro is a content management system developed by Maccmspro's individual developers. Versions of Maccmspro prior to 2022.1.3 had an access control vulnerability. This vulnerability stemmed from an unlimited upload issue in the install function of the file/admi.php/admin/addon/add.html within...
Failing Open
Overview: Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...
Exploit for Cross-site Scripting in Codex-Themes Thegem
TheGem-Theme-Exploit-Chain-One-Click-Full-Compromise-Subscribe...
Linux Distros Unpatched Vulnerability : CVE-2026-25924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an...
DEBIAN-CVE-2026-25924
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correctly hides the plugin installation interface...
UBUNTU-CVE-2026-25924
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correctly hides the plugin installation interface...
CVE-2026-25924
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correctly hides the plugin installation interface...
Malicious code in atlassian-plugin_installer (RubyGems)
CVE-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
WordPress Security Vulnerability
WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress that stems from allowing an attacker to bypass the plugin installe...
CVE-2020-35314
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
Server-Side Request Forgery (SSRF)
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer...
WonderCMS Code Issue Vulnerability
WonderCMS is an open source PHP-based content management system (CMS). WonderCMS 3.1.3 suffers from a code issue vulnerability that stems from server-side request forgery (SSRF) in the addCustomThemePluginRepository function of index.php, which allows remote attackers to exploit the vulnerability to...
PT-2020-15554 · Jenkins · Jenkins Plugin Installation Manager Tool +1
Name of the Vulnerable Software and Affected Versions: Jenkins Plugin Installation Manager Tool versions 2.1.3 and earlier Description: The issue is related to the Jenkins Plugin Installation Manager Tool not verifying plugin downloads, which may allow third parties to provide crafted plugin...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: github.com/helm/helm/pkg/plugin/installer is a Kubernetes Package Manager. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). When installing Helm plugins from a tar archive over HTTP, it is possible for a malicious plugin author to...