4 matches found
CVE-2026-2354
CVE-2026-2354 affects the Swiss Toolkit For WP WordPress plugin up to version 1.4.6. A flawed file type validation bypass in upload_extension_files() hooks into wp_check_filetype_and_ext and uses strpos() on the filename to validate extensions instead of checking the actual file type. This enable...
EUVD-2025-8819
Malicious code in bioql PyPI...
CVE-2024-5204
The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with contributor-level and...
PT-2024-35100 · WordPress · Swiss Toolkit For Wp
Name of the Vulnerable Software and Affected Versions: Swiss Toolkit For WP plugin for WordPress versions up to, and including, 1.0.7 Description: The issue allows authenticated attackers with contributor-level and above permissions to bypass authentication and log in as any existing user on the...