Lucene search
+L

6 matches found

Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-11426 UnderConstructionPage PRO <= 5.76 - Authenticated (Subscriber+) Arbitrary File Read via template_thumbnail Parameter

The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the plugin accepting arbitrary local file paths in the templatethumbnail parameter and copying their contents into a publicly accessible uploads file...

6.5CVSS0.00308EPSS
Exploits0References2
CVE
CVE
added 6 days ago17 views

CVE-2026-11426

CVE-2026-11426 concerns the UnderConstructionPage PRO plugin for WordPress. The vulnerability, present in all versions up to 5.76, allows Arbitrary File Read via the template_thumbnail parameter, where local file paths are copied into a publicly accessible uploads file. This permits authenticated...

6.5CVSS6.2AI score0.00308EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.37 views

CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
EUVD
EUVD
added 2026/07/02 8:33 a.m.9 views

EUVD-2026-41269

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.00263EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.12 views

PT-2025-43936

Name of the Vulnerable Software and Affected Versions LearnHouse versions prior to 98dfad76aad70711a8113f6c1fdabfccf10509ca Description A flaw exists in LearnHouse that allows for unrestricted file upload. The issue is located within the Course Thumbnail Handler component, specifically affecting ...

9.8CVSS6.6AI score0.00374EPSS
Exploits1References8
Snyk
Snyk
added 2025/08/19 3:41 p.m.5 views

Unrestricted Upload of File with Dangerous Type

Overview moonshine/moonshine is a Laravel administration panel Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type via the Files - Thumbnail parameter when creating/updating an Article. An attacker can run scripts within the context of the applicati...

5.4CVSS6.9AI score0.0032EPSS
Exploits2References3
Rows per page
Query Builder