5 matches found
CVE-2025-15546
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...
CVE-2025-2421
Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Informatics SambaBox allows Code Injection. This issue affects SambaBox: before 5.1...
CVE-2025-2488 XSS in Profelis Informatics' SambaBox
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting XSS. This issue affects SambaBox: before 5.1...
CVE-2025-2421
CVE-2025-2421 affects SambaBox (Profelis Informatics) prior to version 5.1. The root cause is improper control of code generation, enabling a code injection vulnerability. Multiple sources consistently describe impact as code injection with a high severity risk; CVSS metrics in the initial entry ...
avada theme for WordPress cross-site scripting vulnerability
avada theme for WordPress is a responsive multipurpose theme plugin for use in WordPress. A cross-site scripting vulnerability exists in avada theme for WordPress versions prior to 5.1.5. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...