CVE-2025-39401

CVE-2025-39401 affects the WordPress WPAMS plugin <= 44.0 and is an Arbitrary File Upload vulnerability. The issue is caused by Unrestricted Upload of File with Dangerous Type, enabling an attacker to upload a web shell to the server. The shell upload target path is /wp-content/uploads/apartme...

CVE-2025-39402 WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through = 44.0 17-08-2023...

CVE-2025-39406

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in mojoomla WPAMS apartment-management allows PHP Local File Inclusion.This issue affects WPAMS: from n/a through = 44.0...

CVE-2025-39405

CVE-2025-39405 describes an "Incorrect Privilege Assignment" vulnerability in the WordPress WPAMS plugin. Affected software: WPAMS – Apartment Management System for WordPress (versions up to and including 44.0; dated 17-08-2023). Root cause per sources: improper privilege handling enabling privil...

WordPress plugin WPAMS SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

PT-2025-17525 · Mojoomla · Wpams

Name of the Vulnerable Software and Affected Versions: WPAMS versions prior to 44.0 Description: The issue affects WPAMS, allowing for Reflected XSS due to improper neutralization of input during web page generation. This can lead to cross-site scripting. Recommendations: For versions prior to...