The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions
The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. This makes it possible for authen
The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access a
The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'file_download' function in all versions up to, and including,
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This
The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrar
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. This makes
Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.
WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitr
The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3
The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible
The Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks ev
Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.
Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.
The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'un
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not
The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10. via the download_backup_file function. This is due to a lack of capability che
The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX action, allowing unauthenticated users to upload arbitrary file. This is due to an incorrect fix