136 matches found
CVE-2025-14344
The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pluploadajaxdeletefile' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrar...
CVE-2025-14344 Multi Uploader for Gravity Forms <= 1.1.7 - Unauthenticated Arbitrary File Deletion
The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pluploadajaxdeletefile' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrar...
CVE-2025-14344 Multi Uploader for Gravity Forms <= 1.1.7 - Unauthenticated Arbitrary File Deletion
The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pluploadajaxdeletefile' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrar...
EUVD-2016-5553
Malware in sbrugna...
EUVD-2021-2581
Malware in sbrugna...
EUVD-2015-3483
Malware in sbrugna...
EUVD-2013-0270
Malware in sbrugna...
EUVD-2012-2388
Malware in sbrugna...
CVE-2025-55912
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photouploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...
CVE-2025-55912
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photouploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...
CVE-2025-55912
ClipBucket 5.5.0 and earlier versions are affected by an unauthenticated arbitrary file upload vulnerability in the plupload endpoint at photo_uploader.php due to missing access controls in the upload handler. Exploitation can lead to remote code execution by uploading crafted PHP files (as shown...
CVE-2025-55912
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photouploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...
PT-2025-38416
Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.0 Description An issue exists in ClipBucket that allows an unauthenticated attacker to upload arbitrary files via the photo uploader.php plupload endpoint due to missing access controls in the upload handler...
CVE-2025-55912
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photouploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...
CVE-2025-55912
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photouploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...
Linux Distros Unpatched Vulnerability : CVE-2021-23562
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to uplo...
Linux Distros Unpatched Vulnerability : CVE-2016-4566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject...
CVE-2024-48239
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting XSS...
CVE-2024-48239
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting XSS...
PT-2024-33050 · Wtcms · Wtcms
Name of the Vulnerable Software and Affected Versions: WTCMS version 1.0 Description: An issue in the plupload method within the AssetController.class.php file allows for Cross Site Scripting XSS due to unprocessed app parameters. Recommendations: For WTCMS version 1.0, consider disabling the...