CVE-2025-39557 WordPress Kadence WooCommerce Email Designer plugin <= 1.5.14 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue affects Kadence WooCommerce Email Designer: from n/a through = 1.5.14...

CVE-2025-39557

CVE-2025-39557 — Kadence WooCommerce Email Designer (WordPress plugin) exposes an Unrestricted Upload of File with Dangerous Type, allowing an attacker to upload a web shell. Affected: Kadence WooCommerce Email Designer versions up to and including 1.5.14. Impact is consistent with file-upload vu...

CVE-2024-55371

Wallos = 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker being an administrator is not...

PT-2025-16885 · Wallos · Wallos

Name of the Vulnerable Software and Affected Versions: Wallos versions 2.38.2 and earlier Description: The issue allows authenticated users to upload malicious files to the server through the restore backup function by uploading a ZIP file. The contents of the ZIP file are extracted on the server...

WordPress plugin WP-Advanced-Search 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress plugin Kadence WooCommerce Email Designer 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

CVE-2024-55372

CVE-2024-55372 concerns Wallos

PT-2025-16653 · Kadence · Kadence Woocommerce Email Designer

Name of the Vulnerable Software and Affected Versions: Kadence WooCommerce Email Designer versions 1.5.14 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, potentially enabling the upload of a web shell to a web server. Recommendations: For...

CVE-2025-30967

Cross-Site Request Forgery CSRF vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a...

CVE-2025-26927

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through = 1.3.7...

CVE-2025-30967 WordPress WPJobBoard plugin < 5.11.1 - CSRF to Remote Code Execution (RCE) vulnerability

Cross-Site Request Forgery CSRF vulnerability in NotFound WPJobBoard wpjobboard allows Upload a Web Shell to a Web Server.This issue affects WPJobBoard: from n/a through 5.11.1...

CVE-2025-30967

CVE-2025-30967 is a CSRF-to-Remote Code Execution flaw in WP Job Board (notFound) affecting WP Job Board versions prior to 5.11.1. The advisory lists a high severity (CVSS 3.1: 9.6, Confidentiality/Integrity/Availability all High). Mitigation: upgrade to WP Job Board 5.11.1 or later, which patche...

CVE-2025-26927 WordPress AI Hub plugin <= 1.3.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through = 1.3.7...

CVE-2025-26927 WordPress AI Hub plugin <= 1.3.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through = 1.3.7...

CVE-2025-26927

CVE-2025-26927 : Unrestricted Upload of File with Dangerous Type in the AI Hub WordPress Theme (AI Hub:

WordPress plugin WPJobBoard 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

PT-2025-16535 · WordPress · Wpjobboard

Name of the Vulnerable Software and Affected Versions: WPJobBoard affected versions not specified Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to upload a web shell to a web server. This can be achieved through exploiting the CSRF vulnerability...

WordPress plugin AI Hub 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

Exploit for Path Traversal in Igniterealtime Openfire

It is an offensive tool for Openfire. This repository contains a...

Exploit for Code Injection in Ispconfig

CVE-2023-46818-Exploit This is my own exploit for CVE-2023-468...