10 matches found
CVE-2022-27061
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2025-12352
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...
CVE-2025-12352 Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image'
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...
EUVD-2025-38238
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...
CVE-2025-12352
The CVE-2025-12352 issue affects the WordPress Gravity Forms plugin, specifically versions up to and including 2.9.20. The vulnerability arises from missing file type validation in the copy_post_image() function, allowing unauthenticated attackers to upload arbitrary files to the affected site’s ...
PT-2025-45404
Name of the Vulnerable Software and Affected Versions Gravity Forms versions up to and including 2.9.20 Description The Gravity Forms plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the copy post image function. This allows...
WordPress plugin Quick Featured Images 安全漏洞
WordPress Quick Featured Images plugin is a plugin for bulk editing and replacing featured images in WordPress. WordPress Quick Featured Images plugin suffers from an insecure direct object reference vulnerability that stems from the lack of validation of user control keys in the qfisetthumbnail...
The vulnerability of the upload_post_image() function in the Forminator plugin of the WordPress content management system allows a hacker to bypass security restrictions and execute arbitrary code.
The vulnerability of the uploadpostimage function in the Forminator plugin of the WordPress content management system involves unlimited uploading of dangerous types of files. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions and execute arbitrary code...
CVE-2022-27061
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
AeroCMS 0.0.1 Shell Upload
AeroCMS-Unrestricted-File-Upload-POC Author: D4rkP0w4r Description = Upload web shell at Post Image in admin panel Step to Reproduct Login to admin panel - Posts - Add Posts - Post Image - upload malicious file shell.php - access /images/shell.php on url - shell.php page Exploit When upload succe...