Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.6 views

CVE-2026-6229

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the rendercsvdata function, which can be bypassed by including 'docs.google.com/spreadsheets' in...

7.2CVSS5.9AI score0.00379EPSS
Exploits0References1
NVD
NVD
added 2026/05/02 8:16 a.m.42 views

CVE-2026-6229

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the rendercsvdata function, which can be bypassed by including 'docs.google.com/spreadsheets' in...

7.2CVSS0.00379EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/02 7:46 a.m.23 views

EUVD-2026-26757

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the rendercsvdata function, which can be bypassed by including 'docs.google.com/spreadsheets' in...

7.2CVSS5.9AI score0.00379EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/02 7:46 a.m.4 views

CVE-2026-6229

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the rendercsvdata function, which can be bypassed by including 'docs.google.com/spreadsheets' in...

7.2CVSS5.9AI score0.00379EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.14 views

WordPress plugin Royal Elementor Addons 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.2CVSS5.9AI score0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.13 views

PT-2026-36590

Name of the Vulnerable Software and Affected Versions Royal Elementor Addons versions prior to 1.7.1058 Description The Royal Elementor Addons plugin for WordPress contains a Server-Side Request Forgery SSRF issue. This occurs because the render csv data function does not sufficiently validate...

7.2CVSS5.9AI score0.00379EPSS
Exploits0References17
OSV
OSV
added 2025/10/11 8:40 a.m.8 views

BIT-GRAFANA-IMAGE-RENDERER-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

9.9CVSS8.2AI score0.00594EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/10 6:27 p.m.12 views

CVE-2025-11539

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

9.9CVSS8.3AI score0.00594EPSS
Exploits0References1
NVD
NVD
added 2025/10/09 8:15 a.m.8 views

CVE-2025-11539

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

9.9CVSS0.00594EPSS
Exploits0References2
OSV
OSV
added 2025/10/09 7:18 a.m.6 views

CVE-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

9.9CVSS7.9AI score0.00594EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/09 7:18 a.m.13 views

CVE-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

9.9CVSS0.00594EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/09 7:18 a.m.3 views

CVE-2025-11539 Arbitrary Code Execution in Grafana Image Renderer Plugin

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

9.9CVSS8AI score0.00594EPSS
Exploits0References2
Grafana
Grafana
added 2025/10/09 12:0 a.m.13 views

Arbitrary Code Execution in Grafana Image Renderer Plugin

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

9.9CVSS6.5AI score0.00594EPSS
Exploits0
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.4 views

grafana-image-renderer 安全漏洞

grafana-image-renderer is a Grafana open source backend plugin for Grafana. A security vulnerability exists in grafana-image-renderer versions 1.0.0 through 4.0.16, which stems from the /render/csv endpoint that does not validate the filePath parameter, which could lead to remote code execution...

9.9CVSS7.5AI score0.00594EPSS
Exploits0References4
Rows per page
Query Builder