
10 matches found

Packet Storm
added 2026/02/06 12:0 a.m., 146 views

WordPress WOOCOMMERCE Designer Pro 1.9.26 Shell Upload

WordPress WOOCOMMERCE Designer Pro plugin version 1.9.26 proof of concept remote shell upload exploit.

CVSS 9.8 | AI score 5.4 | EPSS 0.00578
Exploits 11

Positive Technologies
added 2025/11/06 12:0 a.m., 3 views

PT-2025-45175

Name of the Vulnerable Software and Affected Versions: Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to and including 8.6.0. Description: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress has a flaw related to file uploads. An incorrect...

CVSS 4.3 | AI score 6.3 | EPSS 0.00025
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-11126

Malware in sbrugna...

CVSS 9.8 | AI score 9.1 | EPSS 0.74459
Exploits 2 | References 3

CVE
added 2024/08/01 1:59 a.m., 40 views

CVE-2024-6687

CVE-2024-6687 affects the WordPress plugin CTT Expresso para WooCommerce (versions ≤ 3.2.12). The flaw exposes sensitive data via /wp-content/uploads/cepw, where generated .pdf and log files containing sender/receiver names, phone numbers, physical addresses, and email addresses are publicly acce...

CVSS 7.5 | AI score 5 | EPSS 0.00286
Exploits 0 | References 2 | Affected Software 1

OSV
added 2022/04/29 5:15 p.m., 1 views

CVE-2022-29451

Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory...

CVSS 8.8 | AI score 7.3 | EPSS 0.00227
Exploits 0 | References 2

CNNVD
added 2022/04/29 12:0 a.m., 1 views

WordPress plugin Rara One Click Demo Import code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. Version 1.2.9 and earlier of the Rara One Click Demo Imports plugin are vulnerable to cross-site request...

CVSS 8.8 | AI score 5.3 | EPSS 0.00227
Exploits 0 | References 3

Cvelist
added 2021/11/01 9:1 p.m., 12 views

CVE-2021-39333 Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion

The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...

CVSS 8.1 | AI score 8.3 | EPSS 0.00294
Exploits 1 | References 1

Prion
added 2019/03/21 4:0 p.m., 9 views

Directory traversal

PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory...

CVSS 5 | AI score 5.4 | EPSS 0.0031
Exploits 1 | References 1 | Affected Software 1

OSV
added 2018/08/10 4:29 p.m., 1 views

DEBIAN-CVE-2018-14028

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...

CVSS 7.2 | AI score 7.5 | EPSS 0.02295
Exploits 0 | References 1

Prion
added 2014/07/27 6:55 p.m., 9 views

Authentication flaw

The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...

CVSS 7.5 | AI score 8.3 | EPSS 0.81793
Exploits 2 | References 6 | Affected Software 1