Lucene search
K

100 matches found

Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.9 views

PT-2025-1673

Name of the Vulnerable Software and Affected Versions WordPress File Upload plugin versions up to and including 4.24.12 Description The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the wfu ABSPATH cookie...

9.8CVSS7.5AI score0.01449EPSS
Exploits1References14
Cvelist
Cvelist
added 2024/11/27 5:22 a.m.25 views

CVE-2024-52958 iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature

A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function...

9.3CVSS0.0034EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/27 12:0 a.m.2 views

Galaxy Software Services iota C.ai Conversational Platform 数据伪造问题漏洞

Galaxy Software Services iota C.ai Conversational Platform is an intelligent AI conversational platform from Galaxy Software Services China. A data forgery vulnerability exists in Galaxy Software Services iota C.ai Conversational Platform versions 1.0.0 through 2.1.3, which stems from an improper...

9.3CVSS6.8AI score0.0034EPSS
Exploits0References1
OSV
OSV
added 2024/10/31 3:15 a.m.4 views

CVE-2024-9708

The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...

5.4CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2024/10/12 7:15 a.m.45 views

CVE-2024-9047

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...

9.8CVSS0.92319EPSS
Exploits4References2
Positive Technologies
Positive Technologies
added 2024/08/15 12:0 a.m.3 views

PT-2024-38248 · WordPress · Wordpress File Upload

Name of the Vulnerable Software and Affected Versions: WordPress File Upload plugin versions up to and including 4.24.8 Description: The issue concerns a Stored Cross-Site Scripting vulnerability via SVG file uploads, affecting the WordPress File Upload plugin. This vulnerability is due to...

7.2CVSS6.3AI score0.00438EPSS
Exploits0References12
Patchstack
Patchstack
added 2024/08/07 7:2 a.m.6 views

WordPress WordPress File Upload plugin < 4.24.8 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Majdeddine Ben Hadj Brahim in WordPress Plugin WordPress File Upload versions 4.24.8...

6.1CVSS6.1AI score0.00342EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/08/07 6:16 a.m.2 views

CVE-2024-6494

The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting XSS attacks...

6.1CVSS5.8AI score0.00342EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/07/16 2:17 a.m.3 views

WordPress WordPress File Upload plugin <= 4.24.7 - Authenticated (Contributor+) Directory Traversal vulnerability

Authenticated Contributor+ Directory Traversal vulnerability discovered by Colin Xu in WordPress Plugin WordPress File Upload versions = 4.24.7...

4.3CVSS7AI score0.00695EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/09 6:59 p.m.14 views

CVE-2024-2847 WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS7.4AI score0.0036EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/07 2:15 p.m.4 views

CVE-2023-36220

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function...

7.2CVSS7.5AI score0.02875EPSS
Exploits1References5
OSV
OSV
added 2023/06/19 11:15 a.m.3 views

CVE-2023-2684

The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00442EPSS
Exploits2References1
OSV
OSV
added 2023/06/09 6:16 a.m.4 views

CVE-2023-2767

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.5CVSS7.4AI score0.00376EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/17 12:0 a.m.4 views

WordPress Plugin The Drag and Drop Multiple File Upload PRO 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS5.9AI score0.00542EPSS
Exploits3References3
Prion
Prion
added 2023/04/12 5:15 p.m.21 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file...

5.8CVSS7.3AI score0.01994EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/04/12 12:0 a.m.34 views

CVE-2023-26852

An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file...

7.7AI score0.01994EPSS
Exploits1References3
Patchstack
Patchstack
added 2023/03/15 12:0 a.m.6 views

WordPress Auto Rename Media On Upload Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Auto Rename Media On Upload Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 67375a1ad894 Credits WordFence Required...

6AI score
Exploits0References2Affected Software1
NVD
NVD
added 2022/09/27 11:15 p.m.15 views

CVE-2022-37346

EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative...

9.8CVSS0.00956EPSS
Exploits0References2
CVE
CVE
added 2022/09/27 1:55 a.m.56 views

CVE-2022-37346

The CVE-2022-37346 issue affects the EC-CUBE plugin “Product Image Bulk Upload Plugin” versions 1.0.0 and 4.1.0, which has an insufficient verification (CWE-20) when uploading files. An unauthenticated remote attacker can upload arbitrary non-image files, and if a user with administrative privile...

9.8CVSS9.5AI score0.00956EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/01 12:0 a.m.5 views

PT-2022-23319 · Ideastocode · Ideastocode Enable Svg

Name of the Vulnerable Software and Affected Versions: ideasToCode Enable SVG, WebP & ICO Upload plugin version 1.0.1 and earlier Description: The issue is an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker, who has at least author or higher user role, can...

5.4CVSS5.2AI score0.00446EPSS
Exploits0References5
Rows per page
Query Builder