167 matches found
CVE-2025-26411 Authenticated Arbitrary Python File Upload via Plugin Manager
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web...
CVE-2025-26411
Wattsense Bridge devices are affected by CVE-2025-26411 through the web interface Plugin Manager. An authenticated attacker with a valid Wattsense web account can upload malicious Python files to the device, enabling remote root access. The vulnerability is tied to the Plugin Manager functionalit...
PT-2025-6175 · Wattsense · Wattsense Bridge
Name of the Vulnerable Software and Affected Versions: Wattsense Bridge versions prior to 6.1.0 Description: An authenticated attacker can use the Plugin Manager of the web interface to upload malicious Python files, enabling remote root access to the device. The attacker needs a valid user accou...
CVE-2023-46188
Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3...
CVE-2023-51482
Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Eazy Plugin Manager: from n/a through 4.1.2...
CVE-2023-51482 WordPress Eazy Plugin Manager plugin <= 4.1.2 - Auth. Arbitrary Options Update lead to RCE vulnerability
Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Eazy Plugin Manager: from n/a through 4.1.2...
WordPress plugin Eazy Plugin Manager authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin.... An authorization...
PT-2024-14141 · Unknown · Eazy Plugin Manager
Name of the Vulnerable Software and Affected Versions: Eazy Plugin Manager versions n/a through 4.1.2 Description: The issue is related to an Improper Authentication vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions n/a through...
WordPress Plugin Manager for Icomoon code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
BIT-LIMESURVEY-2022-48008
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file...
Eazy Plugin Manager < 4.1.3 - Missing Authorization via update_options
Description: The Eazy Plugin Manager – Powerful Plugin Management Solution for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_options' function in all versions up to, and including, 4.1.2. This makes it possible for...
WordPress Eazy Plugin Manager Plugin <= 4.1.2 is vulnerable to Settings Change
Software: Eazy Plugin Manager · Type: Plugin · Vulnerable versions: <= 4.1.2 · Fixed in: 4.1.3 · OWASP Top 10: A1: Broken Access Control · Classification: Settings Change · CVE: CVE-2023-51482 · Patch priority: High · CVSS severity: High 9.9 · Developer: Claim ownership · PSID: c77a30c2a9bf · Credits: Rafie Muhammad Patchstack...
PT-2023-30364 · Trend Micro · Trend Micro Apex One
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Description: A plug-in manager origin validation issue could allow a local attacker to escalate privileges on affected installations. The attacker must first obtain the ability to execute...
Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)
Overview Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation due to a link following...
WordPress Freesoul Deactivate Plugins – Plugin manager and cleanup Plugin <= 2.1.3 is vulnerable to Broken Access Control
Software: Freesoul Deactivate Plugins – Plugin manager and cleanup · Type: Plugin · Vulnerable versions: <= 2.1.3 · Fixed in: 2.1.4 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2023-46188 · Patch priority: Low · CVSS severity: Low 4.3 · Developer: Jose Mortellaro · PSID...
Coppermine Gallery 1.6.25 Remote Code Execution
Exploit Title: coppermine-gallery 1.6.25 RCE Application: coppermine-gallery Version: v1.6.25 Bugs: RCE Technology: PHP Vendor URL: https://coppermine-gallery.net/ Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zip Date of found: 05.09.2023 Author: Mirabba...
Jenkins: XSS vulnerability in plugin manager
A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS)...
CVE-2023-22687
Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin = 1.9.4.0 versions...