12 matches found
Exploit for CVE-2025-6440
Description WooCommerce Designer Pro plugin for WordPress c...
CVE-2025-6440
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. This mak...
EUVD-2025-35804
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. This mak...
VulnCheck KEV: CVE-2025-6440
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. This mak...
EUVD-2025-33851
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. Th...
CVE-2025-6439
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. Th...
CVE-2025-6439 WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Deletion
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. Th...
WordPress plugin WooCommerce Designer Pro path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A path...
phpwcms SQL injection vulnerability
phpwcms is a website management system that follows the GNU open source protocol and utilizes PHP+MYSQL architecture for development. A SQL injection vulnerability exists in versions of Phpwcms before 1.9.26. An attacker can exploit this vulnerability to perform SQL injection and steal data, etc...
SQL injection
A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms'dbprepend' leads to SQL injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to...
PT-2023-12406 · Slackero · Phpcms
Name of the Vulnerable Software and Affected Versions: slackero phpwcms versions up to 1.9.26. Description: A vulnerability was found in the SVG File Handler component of slackero phpwcms, which can be exploited to lead to cross site scripting. The manipulation can be initiated remotely...
WordPress WordPress GDPR & CCPA premium plugin <= 1.9.25 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ace Candelario @0xspade and Victor Paynat-Sautivet 3DS Outscale SOC in WordPress WordPress GDPR & CCPA premium plugin versions <= 1.9.25. Solution: Update the WordPress WordPress GDPR & CCPA premium plugin to the latest...