3 matches found
CVE-2025-7384
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2025-6379
The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handlelivefn function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the...
CVE-2024-7856
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles function and insufficient path validation on the 'file' parameter in all versions up to, and...