100 matches found
PT-2025-1673
Name of the Vulnerable Software and Affected Versions WordPress File Upload plugin versions up to and including 4.24.12 Description The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the wfu ABSPATH cookie...
CVE-2024-52958 iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature
A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function...
Galaxy Software Services iota C.ai Conversational Platform 数据伪造问题漏洞
Galaxy Software Services iota C.ai Conversational Platform is an intelligent AI conversational platform from Galaxy Software Services China. A data forgery vulnerability exists in Galaxy Software Services iota C.ai Conversational Platform versions 1.0.0 through 2.1.3, which stems from an improper...
CVE-2024-9708
The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...
CVE-2024-9047
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...
PT-2024-38248 · WordPress · Wordpress File Upload
Name of the Vulnerable Software and Affected Versions: WordPress File Upload plugin versions up to and including 4.24.8 Description: The issue concerns a Stored Cross-Site Scripting vulnerability via SVG file uploads, affecting the WordPress File Upload plugin. This vulnerability is due to...
WordPress WordPress File Upload plugin < 4.24.8 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Majdeddine Ben Hadj Brahim in WordPress Plugin WordPress File Upload versions 4.24.8...
CVE-2024-6494
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting XSS attacks...
WordPress WordPress File Upload plugin <= 4.24.7 - Authenticated (Contributor+) Directory Traversal vulnerability
Authenticated Contributor+ Directory Traversal vulnerability discovered by Colin Xu in WordPress Plugin WordPress File Upload versions = 4.24.7...
CVE-2024-2847 WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-36220
Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function...
CVE-2023-2684
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2767
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress Plugin The Drag and Drop Multiple File Upload PRO 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Design/Logic Flaw
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file...
CVE-2023-26852
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file...
WordPress Auto Rename Media On Upload Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software Auto Rename Media On Upload Type Plugin Vulnerable versions = 1.0.5 Fixed in 1.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 67375a1ad894 Credits WordFence Required...
CVE-2022-37346
EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative...
CVE-2022-37346
The CVE-2022-37346 issue affects the EC-CUBE plugin “Product Image Bulk Upload Plugin” versions 1.0.0 and 4.1.0, which has an insufficient verification (CWE-20) when uploading files. An unauthenticated remote attacker can upload arbitrary non-image files, and if a user with administrative privile...
PT-2022-23319 · Ideastocode · Ideastocode Enable Svg
Name of the Vulnerable Software and Affected Versions: ideasToCode Enable SVG, WebP & ICO Upload plugin version 1.0.1 and earlier Description: The issue is an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker, who has at least author or higher user role, can...