CVE-2025-13329
The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers ...
CVE-2025-13329 File Uploader for WooCommerce <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data
The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers ...
EUVD-2024-35397
Malicious code in bioql (PyPI)...
CVE-2024-35636
Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery (beta) uploadcare. This issue affects Uploadcare File Uploader and Adaptive Delivery (beta): from n/a through 3.0.11...
Malicious code in uploadcare-ckeditor (npm)
Source: ghsa-malware f3f45b40158aaeddcc33b1c938c4b734b5ada13389ee6750c54b01b5aab4d5ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9201 Malicious code in uploadcare-ckeditor (npm)
Source: ghsa-malware f3f45b40158aaeddcc33b1c938c4b734b5ada13389ee6750c54b01b5aab4d5ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Uploadcare File Uploader and Adaptive Delivery (beta) <= 3.0.11 - Cross-Site Request Forgery
Description: The Uploadcare File Uploader and Adaptive Delivery (beta) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.11. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticate...
CVE-2024-35636
Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery (beta) uploadcare. This issue affects Uploadcare File Uploader and Adaptive Delivery (beta): from n/a through 3.0.11...
CVE-2024-35636 WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery (beta) uploadcare. This issue affects Uploadcare File Uploader and Adaptive Delivery (beta): from n/a through 3.0.11...
WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Mikage.K (Patchstack Alliance) in WordPress Plugin Uploadcare File Uploader and Adaptive Delivery (beta) (versions <= 3.0.11)...
WordPress Uploadcare File Uploader and Adaptive Delivery (beta) Plugin <= 3.0.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Uploadcare File Uploader and Adaptive Delivery (beta); Type: Plugin; Vulnerable versions: <= 3.0.11; Fixed in: 3.1.0; OWASP Top 10: A3: Injection; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-35636; Patch priority: Low; CVSS severity: Low (4.3); PSID: 7af925782e5b...
MAL-2023-467 Malicious code in gatsby-remark-images-uploadcare (npm)
Source: ghsa-malware cfedda25b5f48c47bf9fe91a2cc6ca0cd8ed5086ecf715776b934cabd3b554ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uploadcare-wordpress (npm)
Source: ghsa-malware 3539d032a58d539f1abeeed7c1e64a239da65fb248c8155e75f524875042d60c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in gatsby-remark-images-uploadcare (npm)
Source: ghsa-malware cfedda25b5f48c47bf9fe91a2cc6ca0cd8ed5086ecf715776b934cabd3b554ed Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uploadcare-jotform-widget (npm)
Source: ghsa-malware 7d2d37a0408ad8c603efcb131e322f0f2d2a142058620fa1b41f396e212590b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uploadcare-tinymce (npm)
Source: ghsa-malware a639188015774141a6e7828027fb105771e51cf101e48ebab5dc6d652e63ed92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in meteor-uploadcare-widget-demo (npm)
Source: ghsa-malware 524e985710633866c8a77431e4ded18aa911c225db74bb40da3457894383be3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in uploadcare-redactor (npm)
Source: ghsa-malware eb2b26c8a1379371f8342e7cc3df590d007ad66b38f343af92c1ed418277e70f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...