Lucene search
K

25 matches found

NVD
NVD
added 2025/12/20 4:16 a.m.6 views

CVE-2025-13329

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers ...

9.8CVSS0.00624EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/20 3:20 a.m.3 views

CVE-2025-13329 File Uploader for WooCommerce <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers ...

9.8CVSS7.2AI score0.00624EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/20 3:20 a.m.18 views

CVE-2025-13329 File Uploader for WooCommerce <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers ...

9.8CVSS0.00624EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-35397

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00172EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:13 a.m.6 views

CVE-2024-35636

Cross-Site Request Forgery CSRF vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery beta uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery beta: from n/a through 3.0.11...

4.3CVSS7AI score0.00172EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/09 5:6 a.m.3 views

Malicious code in uploadcare-ckeditor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3f45b40158aaeddcc33b1c938c4b734b5ada13389ee6750c54b01b5aab4d5ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2024/10/09 5:6 a.m.5 views

MAL-2024-9201 Malicious code in uploadcare-ckeditor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3f45b40158aaeddcc33b1c938c4b734b5ada13389ee6750c54b01b5aab4d5ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/06/05 12:0 a.m.11 views

Uploadcare File Uploader and Adaptive Delivery (beta) <= 3.0.11 - Cross-Site Request Forgery

Description The Uploadcare File Uploader and Adaptive Delivery beta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.11. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticate...

4.3CVSS9.2AI score0.00172EPSS
Exploits0References1
NVD
NVD
added 2024/06/01 9:15 a.m.9 views

CVE-2024-35636

Cross-Site Request Forgery CSRF vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery beta uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery beta: from n/a through 3.0.11...

4.3CVSS5.1AI score0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/01 9:7 a.m.13 views

CVE-2024-35636 WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery beta uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery beta: from n/a through 3.0.11...

4.3CVSS7AI score0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/01 9:7 a.m.15 views

CVE-2024-35636 WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery beta uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery beta: from n/a through 3.0.11...

4.3CVSS5.1AI score0.00172EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/05/30 9:3 a.m.3 views

WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Mikage.K Patchstack Alliance in WordPress Plugin Uploadcare File Uploader and Adaptive Delivery beta versions = 3.0.11...

4.3CVSS7AI score0.00172EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/05/30 12:0 a.m.9 views

WordPress Uploadcare File Uploader and Adaptive Delivery (beta) Plugin <= 3.0.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software Uploadcare File Uploader and Adaptive Delivery beta Type Plugin Vulnerable versions = 3.0.11 Fixed in 3.1.0 OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-35636 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7af925782e5b...

4.3CVSS6.9AI score0.00172EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/04/12 2:2 a.m.6 views

MAL-2023-467 Malicious code in gatsby-remark-images-uploadcare (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfedda25b5f48c47bf9fe91a2cc6ca0cd8ed5086ecf715776b934cabd3b554ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/04/12 2:2 a.m.3 views

Malicious code in uploadcare-wordpress (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3539d032a58d539f1abeeed7c1e64a239da65fb248c8155e75f524875042d60c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/04/12 2:2 a.m.2 views

Malicious code in gatsby-remark-images-uploadcare (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfedda25b5f48c47bf9fe91a2cc6ca0cd8ed5086ecf715776b934cabd3b554ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/04/12 2:2 a.m.3 views

Malicious code in uploadcare-jotform-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d2d37a0408ad8c603efcb131e322f0f2d2a142058620fa1b41f396e212590b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/04/12 2:2 a.m.5 views

Malicious code in uploadcare-tinymce (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a639188015774141a6e7828027fb105771e51cf101e48ebab5dc6d652e63ed92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/04/12 2:2 a.m.6 views

Malicious code in meteor-uploadcare-widget-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 524e985710633866c8a77431e4ded18aa911c225db74bb40da3457894383be3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/04/12 2:2 a.m.4 views

Malicious code in uploadcare-redactor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb2b26c8a1379371f8342e7cc3df590d007ad66b38f343af92c1ed418277e70f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
Rows per page
Query Builder