8 matches found
CVE-2026-2633
Summary (CVE-2026-2633) The Gutenberg Blocks with AI by Kadence WP plugin for WordPress (Kadence Blocks) is affected up to version 3.6.1. The vulnerability arises from a missing capability check in the AJAX handler kadence_import_process_image_data, where authorization relies only on edit_posts a...
EUVD-2015-1195
Malware in sbrugna...
CVE-2024-46647
eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files...
CVE-2024-46647
CVE-2024-46647 affects eNMS versions 4.4.0–4.7.1. The vulnerability is a Directory Traversal via the upload_files feature, caused by insufficient input validation, permitting access to sensitive files/directories. Impact is described as high confidentiality risk with no stated integrity/availabil...
Download Manager < 3.1.19 - Authenticated (author+) PHP4 File Upload to RCE
The wpdm_admin_upload_file AJAX action used a blacklist approach to forbid potentially dangerous files, such as PHP, from being uploaded. However, other dangerous extensions, like .php4, were not forbidden. PoC As an author or any account with the upload_files capability, attach a .php4 file to a downlo...
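Added example, not code from Download Manager, eNMS or WordPress: it contrasts the extension denylist described in the Download Manager entry (bypassed by .php4) with an allowlist that refuses anything not explicitly permitted, and adds a root-anchored path check of the kind the eNMS upload_files directory traversal entry (CVE-2024-46647) calls for. The extension sets, the upload root and the file names are constructed for illustration.

```python
import os
import posixpath
from typing import Optional

# Constructed for this example: an incomplete denylist of the kind the
# advisory describes, and an explicit allowlist for the hardened check.
DANGEROUS_EXTENSIONS = {"php", "phtml"}
ALLOWED_EXTENSIONS = {"pdf", "zip", "png", "jpg"}


def denylist_allows(filename: str) -> bool:
    """Bypassable check: only listed extensions are refused, so .php4 (or any
    other server-executable extension not on the list) slips through."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in DANGEROUS_EXTENSIONS


def allowlist_allows(filename: str) -> bool:
    """Hardened check: accept only a known-good extension, on the basename only,
    and reject double extensions such as shell.php.pdf by requiring one dot."""
    base = posixpath.basename(filename)
    parts = base.split(".")
    if len(parts) != 2 or not parts[0]:
        return False
    return parts[1].lower() in ALLOWED_EXTENSIONS


def safe_upload_path(upload_root: str, user_supplied: str) -> Optional[str]:
    """Resolve a user-supplied name under upload_root and return the absolute
    path, or None if the resolved path escapes the root (e.g. ../../etc/passwd).
    realpath() normalises '..' and symlinks before the prefix comparison."""
    root = os.path.realpath(upload_root)
    candidate = os.path.realpath(os.path.join(root, user_supplied))
    if candidate == root or not candidate.startswith(root + os.sep):
        return None
    return candidate


def vet_upload(upload_root: str, filename: str) -> Optional[str]:
    """Combined hardened check: allowlisted extension and path inside the root."""
    if not allowlist_allows(filename):
        return None
    return safe_upload_path(upload_root, filename)


if __name__ == "__main__":
    # Assumed upload root; the file names are constructed attacker inputs.
    root = "/var/www/uploads"
    for name in ["shell.php", "shell.php4", "report.pdf", "../../../etc/passwd"]:
        print(f"{name:24} denylist={denylist_allows(name)!s:5} "
              f"allowlist={allowlist_allows(name)!s:5} path={vet_upload(root, name)}")
```

The denylist passes shell.php4 while the allowlist refuses it; the path check is what keeps an upload handler from writing or reading outside its directory even when the extension is acceptable.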
Elementor < 2.9.8 - SVG Sanitizer Bypass leading to Authenticated Stored XSS
Jerome Bruandet, from NinTechNet, discovered a bypass in the SVG sanitizer, which could lead to an authenticated stored XSS issue from users with the upload_files capability...
CVE-2008-5695
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this...