PT-2025-40400

Name of the Vulnerable Software and Affected Versions YOSHOP version 2.0 Description The software is susceptible to an unauthenticated SQL injection through the goodsIds parameter of the /api/goods/listByIds API endpoint. The getListByIds function improperly concatenates user-supplied input into ...

VulnCheck KEV: CVE-2024-56064

Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through = 2.3.3...

WordPress Plugin AR For WordPress Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin AR For WordPress, whi...

CVE-2025-60219

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro allows Upload a Web Shell to a Web Server.This issue affects WooCommerce Designer Pro: from n/a through = 1.9.24...

CVE-2025-60156

Cross-Site Request Forgery CSRF vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through = 8.36...

CVE-2025-60219

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro allows Upload a Web Shell to a Web Server.This issue affects WooCommerce Designer Pro: from n/a through = 1.9.24...

CVE-2025-60219 WordPress WooCommerce Designer Pro Plugin <= 1.9.24 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro allows Upload a Web Shell to a Web Server.This issue affects WooCommerce Designer Pro: from n/a through = 1.9.24...

CVE-2025-60219 WordPress WooCommerce Designer Pro Plugin <= 1.9.24 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro allows Upload a Web Shell to a Web Server.This issue affects WooCommerce Designer Pro: from n/a through = 1.9.24...

CVE-2025-60219

The CVE-2025-60219 entry concerns HaruTheme WooCommerce Designer Pro (versions up to 1.9.24). The vulnerability is an Unrestricted Upload of File with Dangerous Type, enabling uploading of a web shell to the web server. Root cause centers on permissive file-type handling in the plugin’s upload me...

CVE-2025-60156 WordPress AR For WordPress plugin <= 8.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through = 8.34...

CVE-2025-60156 WordPress AR For WordPress plugin <= 8.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through = 8.34...

CVE-2025-60156

The CVE-2025-60156 entry concerns WordPress plugin AR For WordPress (vulnerable up to 7.98). Several connected sources describe a CSRF vulnerability that can enable an attacker to upload a Web Shell to the target web server. The underlying issue is that requests are not properly validated, allowi...

PT-2025-39598

Name of the Vulnerable Software and Affected Versions webandprint AR For WordPress versions through 7.98 Description A Cross-Site Request Forgery CSRF issue exists in webandprint AR For WordPress, potentially allowing an attacker to upload a web shell to a web server. This is achieved by exploiti...

WordPress plugin AR For WordPress 跨站请求伪造漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin AR For WordPress, whi...

PT-2025-39621

Name of the Vulnerable Software and Affected Versions HaruTheme WooCommerce Designer Pro versions through 1.9.24 Description The software contains a flaw that permits unrestricted file uploads, potentially allowing an attacker to upload a web shell to a web server. This could lead to unauthorized...

Retail at risk: How one alert uncovered a persistent cyberthreat​​

In the latest edition of our Cyberattack Series, we dive into real-world cases targeting retail organizations. With 60% of retail companies reporting operational disruptions from cyberattacks and 43% experiencing security compromises in the past year, the risks for businesses continue to increase...

CVE-2025-56295

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions...

CVE-2025-56295

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions...

PT-2025-38005

Name of the Vulnerable Software and Affected Versions: code-projects Computer Laboratory System version 1.0 Description: The Computer Laboratory System contains a file upload issue. Staff members can upload malicious files, specifically PHP backdoor files, when modifying their avatar information...

CVE-2025-56295

CVE-2025-56295 affects the code-projects Computer Laboratory System 1.0. The issue is a file upload vulnerability in the avatar modification flow, where the upload feature does not restrict file types, enabling staff to upload malicious PHP backdoor files. This can be leveraged to establish a web...