WordPress Asgaros Forum plugin <= 3.0.0 - File Upload Numbers Bypass vulnerability
File Upload Numbers Bypass vulnerability discovered by 20kilograma in WordPress Plugin Asgaros Forum versions <= 3.0.0...
WordPress Streamit Theme <= 4.0.1 is vulnerable to Arbitrary File Upload
Software: Streamit; Type: Theme; Vulnerable versions: <= 4.0.1; Fixed in: 4.0.2; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2025-2525; Patch priority: High; CVSS severity: High (9.9); PSID: 0e50f93134fe; Credits: István Márton; Required privilege: Subscriber...
GHSA-WG47-6JQ2-Q2HH MinIO performs incomplete signature validation for unsigned-trailer uploads
Impact: This is a high priority vulnerability and users must upgrade ASAP. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket, Prior...
WordPress Freetobook Responsive Widget Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Freetobook Responsive Widget versions <= 1.1...
WordPress Privyr CRM plugin <= 1.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Privyr CRM Integration versions <= 1.0.2...
WordPress Split Test For Elementor Plugin <= 1.8.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin Split Test For Elementor versions <= 1.8.3...
WordPress B Blocks plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by Logan Cote in WordPress Plugin B Blocks versions <= 2.0.0...
WordPress Motors plugin <= 1.4.71 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k in WordPress Plugin Motors versions <= 1.4.71...
WordPress Gutenify plugin <= 1.5.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Prissy in WordPress Plugin Gutenify versions <= 1.5.7...
WordPress Xpro Elementor Addons plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Prissy in WordPress Plugin Xpro Elementor Addons versions <= 1.4.10...
WordPress MasterStudy LMS plugin <= 3.5.28 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin MasterStudy LMS versions <= 3.5.28...
WordPress Lightbox & Modal Popup WordPress Plugin – FooBox plugin <= 2.7.33 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Robert DeVore in WordPress Plugin FooBox Image Lightbox versions <= 2.7.33...
WordPress Woffice Core plugin <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Woffice Core versions <= 5.4.21...
WordPress Booster for WooCommerce plugin 4.0.1-7.2.4 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by luckybuddy in WordPress Plugin Booster for WooCommerce versions 4.0.1-7.2.4...
WordPress Wptobe-signinup plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Wptobe-signinup versions <= 1.1.2...
WordPress TextMe SMS plugin <= 1.9.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Aiden in WordPress Plugin TextMe SMS versions <= 1.9.1...
WordPress Publitio plugin <= 2.2.0 - Arbitrary File Read vulnerability
Arbitrary File Read vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Publitio versions <= 2.2.0...
WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.19 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika in WordPress Plugin Small Package Quotes – Worldwide Express Edition versions <= 5.2.19...
WordPress MyBookProgress by Stormhill Media plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin MyBookProgress by Stormhill Media versions <= 1.0.8...