CVE-2026-12684
Description détaillée
The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files (bounded to an image and video allowlist) to the Media Library and create attachment posts, leading to media library pollution and disk space exhaustion.
Références et Patchs
Dernières Vulnérabilités
CVE-2023-49900
An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command.
CVE-2023-49899
An unauthenticated remote attacker can execute any command on the affected device due to not correctly verifying the origin of a communication channel.
CVE-2026-22752
Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10.
