4 matches found
Exploit for CVE-2026-1657
CVE-2026-1657 CVE-2026-1657 exp...
PT-2026-8398
The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload file media AJAX action as publicly accessible nopriv-enabled without implementing any authentication, authorization, ...
CVE-2024-13117 Social Share Buttons for WordPress <= 2.7 - Unauthenticated Image Upload & Path Traversal
The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded...
Global Flash Galleries - swfupload.php Unauthenticated Image Upload Weakness
The global-flash-galleries WordPress plugin was affected by a swfupload.php Unauthenticated Image Upload Weakness security vulnerability...