WordPress Auto Thumbnailer plugin <= 1.0 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Auto Thumbnailer versions = 1.0...

CVE-2025-12154

The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload...

CVE-2025-12154

The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload...

CVE-2025-12154 Auto Thumbnailer <= 1.0 - Authenticated (Contributor+) Arbitrary File Upload

The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload...

EUVD-2025-201365

The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload...

CVE-2025-12154

CVE-2025-12154 (Auto Thumbnailer, WordPress) The vulnerability is an authenticated arbitrary file upload flaw in the Auto Thumbnailer plugin, affecting versions up to 1.0. The uploadThumb() function lacks proper file-type validation, enabling attackers with Contributor+ privileges to upload arbit...

CVE-2025-12154 Auto Thumbnailer <= 1.0 - Authenticated (Contributor+) Arbitrary File Upload

The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload...

PT-2025-49203

Name of the Vulnerable Software and Affected Versions Auto Thumbnailer WordPress plugin versions prior to 1.0. Description The Auto Thumbnailer plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the uploadThumb function. This allows...

WordPress plugin Auto Thumbnailer 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

EUVD-2019-3133

Malware in sbrugna...

EUVD-2019-5243

Malware in sbrugna...

EUVD-2019-3134

Malware in sbrugna...

EUVD-2010-2644

Malware in sbrugna...

EUVD-2018-10833

Malware in sbrugna...

EUVD-2017-3048

Malware in sbrugna...

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

...

Linux Distros Unpatched Vulnerability : CVE-2018-19120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to...

openSUSE Security Advisory (SUSE-SU-2024:2077-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2019-11461

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing...

SUSE CVE-2010-2641

Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer...