Lucene search
+L

136 matches found

NVD
NVD
added 2025/12/12 4:15 a.m.9 views

CVE-2025-14344

The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pluploadajaxdeletefile' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrar...

9.8CVSS0.00467EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/12 3:20 a.m.38 views

CVE-2025-14344 Multi Uploader for Gravity Forms <= 1.1.7 - Unauthenticated Arbitrary File Deletion

The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pluploadajaxdeletefile' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrar...

9.8CVSS0.00467EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.5 views

CVE-2025-14344 Multi Uploader for Gravity Forms <= 1.1.7 - Unauthenticated Arbitrary File Deletion

The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pluploadajaxdeletefile' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrar...

9.8CVSS5.8AI score0.00467EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-5553

Malware in sbrugna...

6.1CVSS6AI score0.05361EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-2581

Malware in sbrugna...

8.8CVSS8.6AI score0.00993EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-3483

Malware in sbrugna...

4.3CVSS6AI score0.06124EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-0270

Malware in sbrugna...

4.3CVSS6AI score0.03135EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2012-2388

Malware in sbrugna...

5CVSS6AI score0.05323EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/09/20 12:30 a.m.17 views

CVE-2025-55912

An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photouploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...

7.3CVSS7.2AI score0.01448EPSS
Exploits4References1
NVD
NVD
added 2025/09/18 4:15 p.m.8 views

CVE-2025-55912

An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photouploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...

7.3CVSS0.01448EPSS
Exploits4References4
CVE
CVE
added 2025/09/18 12:0 a.m.42 views

CVE-2025-55912

ClipBucket 5.5.0 and earlier versions are affected by an unauthenticated arbitrary file upload vulnerability in the plupload endpoint at photo_uploader.php due to missing access controls in the upload handler. Exploitation can lead to remote code execution by uploading crafted PHP files (as shown...

7.3CVSS6.9AI score0.01448EPSS
Exploits4References4Affected Software1
Cvelist
Cvelist
added 2025/09/18 12:0 a.m.15 views

CVE-2025-55912

An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photouploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...

0.01448EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2025/09/18 12:0 a.m.7 views

PT-2025-38416

Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.0 Description An issue exists in ClipBucket that allows an unauthenticated attacker to upload arbitrary files via the photo uploader.php plupload endpoint due to missing access controls in the upload handler...

7.3CVSS6.9AI score0.01448EPSS
Exploits4References9
Vulnrichment
Vulnrichment
added 2025/09/18 12:0 a.m.4 views

CVE-2025-55912

An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photouploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...

6.9AI score0.01448EPSS
Exploits4References4
OSV
OSV
added 2025/09/18 12:0 a.m.5 views

CVE-2025-55912

An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photouploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...

7.3CVSS7.3AI score0.01448EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2021-23562

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to uplo...

8.8CVSS7.1AI score0.00993EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2016-4566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject...

6.1CVSS6.3AI score0.05361EPSS
Exploits0References2
OSV
OSV
added 2024/10/25 10:15 p.m.4 views

CVE-2024-48239

An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting XSS...

4.8CVSS5.8AI score0.00229EPSS
Exploits1References1
NVD
NVD
added 2024/10/25 10:15 p.m.24 views

CVE-2024-48239

An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting XSS...

4.8CVSS0.00229EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.6 views

PT-2024-33050 · Wtcms · Wtcms

Name of the Vulnerable Software and Affected Versions: WTCMS version 1.0 Description: An issue in the plupload method within the AssetController.class.php file allows for Cross Site Scripting XSS due to unprocessed app parameters. Recommendations: For WTCMS version 1.0, consider disabling the...

4.8CVSS5.7AI score0.00229EPSS
Exploits1References3
Rows per page
Query Builder