
10 matches found

RedhatCVE
added 2026/04/05 10:55 a.m., 5 views

CVE-2026-2826

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the upload_files capability in the processpattern REST API endpoin...

CVSS 4.3, AI score 5.9, EPSS 0.00301
Exploits 0, References 1
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2024-46850

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.6, EPSS 0.00334
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-32161

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.4, EPSS 0.00609
Exploits 0, References 3
RedhatCVE
added 2025/05/23 8:04 a.m., 8 views

CVE-2024-3581

The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the add_media_library_images_to_gallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or above, to...

CVSS 4.3, AI score 6.7, EPSS 0.00609
Exploits 0, References 1
RedhatCVE
added 2025/05/23 7:05 a.m., 7 views

CVE-2024-5677

The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the figsaveaftergenerateimage function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS 4.3, AI score 6.7, EPSS 0.00334
Exploits 0, References 1
CVE
added 2024/05/02 4:51 p.m., 62 views

CVE-2024-3581

CVE-2024-3581 affects the MaxGalleria WordPress plugin. The issue is an unauthorized image upload flaw caused by a missing capability check in add_media_library_images_to_gallery, affecting all versions up to and including 6.4.2. Exploitation requires authentication with at least Subscriber privi...

CVSS 4.3, AI score 6.5, EPSS 0.00609
Exploits 0, References 3
CNNVD
added 2024/05/02 12:00 a.m., 4 views

WordPress plugin MaxGalleria security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.3, AI score 6.2, EPSS 0.00609
Exploits 0, References 4
WPVulnDB
added 2024/04/19 12:00 a.m., 12 views

MaxGalleria < 6.4.3 - Missing Authorization

Description: The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the add_media_library_images_to_gallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or...

CVSS 4.3, AI score 6.9, EPSS 0.00609
Exploits 0, References 1, Affected Software 1
WPVulnDB
added 2022/03/31 12:00 a.m., 22 views

ThirstyAffiliates < 3.10.5 - Subscriber+ unauthorized image upload + CSRF

The plugin lacks authorization checks in the tainsertexternalimage action, allowing a low-privilege user with a role as low as Subscriber to add an image from an external URL to an affiliate link. Further, the plugin lacks CSRF checks, allowing an attacker to trick a logged-in user to perform the...

CVSS 4.3, AI score 4.4, EPSS 0.00335
Exploits 2, Affected Software 1
Patchstack
added 2022/03/31 12:00 a.m., 25 views

WordPress ThirstyAffiliates Affiliate Link Manager plugin <= 3.10.4 - Unauthorized Image Upload + CSRF vulnerabilities

Unauthorized Image Upload + CSRF vulnerabilities discovered by Muhamad Hidayat in WordPress ThirstyAffiliates Affiliate Link Manager plugin versions <= 3.10.4. Solution: Update the WordPress ThirstyAffiliates Affiliate Link Manager plugin to the latest available version at least 3.10.5...

CVSS 4.3, AI score 3.4, EPSS 0.00335
Exploits 2, References 3, Affected Software 1