9 matches found
EUVD-2025-25736
Malicious code in bioql PyPI...
CVE-2025-9048
The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delimgajaxcall function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-9048
The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delimgajaxcall function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-9048 Wptobe-memberships <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion
The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delimgajaxcall function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-9048
CVE-2025-9048 concerns the Wptobe-memberships WordPress plugin. The Wordfence disclosure confirms an authenticated (Subscriber+) path traversal-like flaw in del_img_ajax_call() that permits arbitrary file deletions on affected servers in all versions up to 3.4.2. The description notes that deleti...
CVE-2025-9048 Wptobe-memberships <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion
The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delimgajaxcall function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
PT-2025-34516 · WordPress · Wptobe-Memberships
Name of the Vulnerable Software and Affected Versions: Wptobe-memberships plugin for WordPress versions through 3.4.2 Description: The Wptobe-memberships plugin for WordPress is susceptible to arbitrary file deletion due to inadequate file path validation within the del img ajax call function...
WordPress plugin Wptobe-memberships 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Wptobe-memberships plugin <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Aril Aprilio forsak3n in WordPress Plugin Wptobe-memberships versions = 3.4.2...