2180 matches found
Malicious code in web-shell-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14a8faa45f100dea81a84d75a0d68c5e05035913ff94a69ac46b8cd9429c5a81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5738 Malicious code in web-shell-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14a8faa45f100dea81a84d75a0d68c5e05035913ff94a69ac46b8cd9429c5a81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-30933
Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through = 1.1.6...
CVE-2025-28951
Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through = 1.2.4...
CVE-2025-34086
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...
CVE-2025-30933
Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through = 1.1.6...
CVE-2025-30933
Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through = 1.1.6...
CVE-2025-30933 WordPress LogisticsHub theme <= 1.1.6 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through = 1.1.6...
CVE-2025-30933 WordPress LogisticsHub theme <= 1.1.6 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through = 1.1.6...
CVE-2025-30933
CV E-2025-30933 (LogisticsHub) in WordPress LogisticsHub theme (versions <= 1.1.6) has an Unrestricted Upload of File with Dangerous Type vulnerability that allows uploading a web shell to the web server. The weakness affects the plugin/theme in the LogisticsHub line and is currently unpatched...
CVE-2025-28951
Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through = 1.2.4...
CVE-2025-28951
CVE-2025-28951 describes an Unrestricted Upload of File with Dangerous Type in the Bulk Featured Image WordPress plugin (versions up to 1.2.1/1.2.4 per sources). The vulnerability allows uploading of a web shell due to accepting dangerous file types, enabling remote code execution on the web serv...
CVE-2025-28951 WordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through = 1.2.4...
CVE-2025-28951 WordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through = 1.2.4...
WordPress plugin Bulk Featured Image 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
PT-2025-27906 · Liquidthemes · Logisticshub
Name of the Vulnerable Software and Affected Versions: LiquidThemes LogisticsHub versions 1.1.6 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to significant security...
GHSA-P9QC-8JJX-G8CG Bolt CMS vulnerable to authenticated remote code execution
Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend...
CVE-2025-34086
Bolt CMS versions 3.7.0 and earlier are affected by an authenticated remote code execution chain. An authenticated user can inject PHP code into the displayname field, which is rendered unsanitized in backend templates. The attacker can enumerate and rename cached session files via /async/browse/...
Exploit for CVE-2025-23968
AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GP...
CVE-2025-23968
Unrestricted Upload of File with Dangerous Type vulnerability in WebFactory AiBud WP aibuddy-openai-chatgpt allows Upload a Web Shell to a Web Server.This issue affects AiBud WP: from n/a through = 1.9...