Filtered by vendor Unitecms
Total: 3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-1710 | 2 Unitecms, Unlimited-elements | 2 Addon Library, Addon Library | 2025-04-22 | 8.8 High | The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files. |
CVE-2023-6925 | 1 Unitecms | 1 Unlimited Addons For Wpbakery Page Builder | 2024-11-21 | 7.2 High | The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin (the default is editor role, but access can also be granted to contributor role), to upload arbitrary files on the affected site's server which may make remote code execution possible. |
CVE-2024-6315 | 1 Unitecms | 1 Blox Page Builder | 2024-08-06 | 8.8 High | The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. |