7 matches found
PT-2026-30315
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user has the upload files capability in the process pattern REST API...
EUVD-2017-16575
Malware in sbrugna...
CVE-2024-2361
CVE-2024-2361 affects parisneo/lollms-webui. The vulnerability resides in the install_model() function of lollms_core/lollms/binding.py, where improper sanitization of the file:// protocol and other inputs enables path traversal. Attackers can manipulate the path and variant_name parameters to re...
CVE-2023-45723 Path Traversal which allows file upload capability affects DRYiCE MyXalytics
HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path including the file name where these files are stored on the server...
CVE-2020-36703
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including, 2.9.7. This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execut...
PT-2023-16193 · WordPress · Custom Content Shortcode
Name of the Vulnerable Software and Affected Versions: Custom Content Shortcode WordPress plugin versions 4.0.2 and earlier
Description: The Custom Content Shortcode WordPress plugin does not validate one of its shortcode attributes, which could allow users with a contributor role and above to...
CVE-2004-0059
The CVE-2004-0059 entry describes a directory traversal vulnerability in the upload capability of WWW File Share Pro 2.42 and earlier. The issue allows remote attackers to overwrite arbitrary files by exploiting dot-dot sequences in the filename portion of a Content-Disposition header. Affected s...