CVE-2024-58349

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them...

CVE-2024-58348 WordPress Background Image Cropper 1.2 Remote Code Execution

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...

CVE-2024-58348 WordPress Background Image Cropper 1.2 Remote Code Execution

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...

CVE-2024-58348

Summary: CVE-2024-58348 affects the WordPress Background Image Cropper plugin, version 1.2. An unauthenticated attacker can reach the ups.php endpoint and upload arbitrary files (including PHP scripts), enabling remote code execution on the server. This is a network-accessible issue with low atta...

EUVD-2024-55614

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...

EUVD-2023-60583

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...

CVE-2023-54352 WordPress Seotheme Remote Code Execution Unauthenticated

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...

CVE-2023-54352

The CVE-2023-54352 entry concerns WordPress Seotheme, where unauthenticated attackers can trigger remote code execution by uploading malicious files to the theme directory. The attack enables access to a PHP shell at /wp-content/themes/seotheme/mar.php to run system commands and upload additional...

CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

CVE-2023-54350

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

EUVD-2023-60581

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

CVE-2023-54350

Affected software: WordPress Augmented-Reality plugin. Vulnerability: remote code execution via the elFinder connector. Access/Impact: unauthenticated attackers can upload and execute arbitrary PHP files on the server. How it exploits: POST to connector.minimal.php with mkfile and put commands to...

PT-2026-47236

Name of the Vulnerable Software and Affected Versions Travelscape version 1.0.3 Description Insufficient validation in the theme's upload functionality allows unauthenticated attackers to upload arbitrary files to the theme directory. This can lead to remote code execution on the affected WordPre...

OpenBullet2 路径遍历漏洞

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 contained a path traversal vulnerability. This vulnerability originated from the wordlist endpoint’s path traversal flaw, which could allow authenticat...

Flowise 代码注入漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a code injection vulnerability. This vulnerability stemmed from the lack of routing-level authorization in the POST /api/v1/node-custom-function...

PT-2026-47467

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in the Bluetooth component on Windows allows a remote attacker to execute arbitrary code. This is achieved by convincing a user to perform specific UI gestures...

PT-2026-47514

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An inappropriate implementation in SVG allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Recommendations Update to version 149.0.7827.10...

PT-2026-47499

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in InterestGroups, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is...

PT-2026-47469

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in the Proxy component allows a remote attacker to execute arbitrary code through malicious network traffic. Use after free occurs when an application continues ...