6 matches found
CVE-2026-11426 UnderConstructionPage PRO <= 5.76 - Authenticated (Subscriber+) Arbitrary File Read via template_thumbnail Parameter
The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the plugin accepting arbitrary local file paths in the templatethumbnail parameter and copying their contents into a publicly accessible uploads file...
CVE-2026-11426
CVE-2026-11426 concerns the UnderConstructionPage PRO plugin for WordPress. The vulnerability, present in all versions up to 5.76, allows Arbitrary File Read via the template_thumbnail parameter, where local file paths are copied into a publicly accessible uploads file. This permits authenticated...
CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter
The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2026-41269
The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
PT-2025-43936
Name of the Vulnerable Software and Affected Versions LearnHouse versions prior to 98dfad76aad70711a8113f6c1fdabfccf10509ca Description A flaw exists in LearnHouse that allows for unrestricted file upload. The issue is located within the Course Thumbnail Handler component, specifically affecting ...
Unrestricted Upload of File with Dangerous Type
Overview moonshine/moonshine is a Laravel administration panel Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type via the Files - Thumbnail parameter when creating/updating an Article. An attacker can run scripts within the context of the applicati...