CVE-2020-36849 – WordPress AIT CSV Import/Export Plugin Arbitrary File Upload Vulnerability

July 12, 2025

CVE ID : CVE-2020-36849

Published : July 12, 2025, 12:15 p.m. | 5 hours, 44 minutes ago

Description : The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2021-4458 – WordPress Modern Events Calendar Lite SQL Injection

Next Article CVE-2025-7470 – Campcodes Sales and Inventory System Remote File Upload Vulnerability

Highlights

CVE-2025-50983 – Readarr SQLite Database SQL Injection

August 27, 2025

CVE ID : CVE-2025-50983

Published : Aug. 27, 2025, 4:15 p.m. | 9 hours, 34 minutes ago

Description : SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlmap confirmed exploitation via stacked queries, demonstrating that the parameter can be abused to run arbitrary SQL statements. A heavy query was executed using SQLite’s RANDOMBLOB() and HEX() functions to simulate a time-based payload, indicating deep control over database interactions.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

CVE-2020-36849 – WordPress AIT CSV Import/Export Plugin Arbitrary File Upload Vulnerability

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Power-hungry AI will devour Japan-sized energy supply by 2030

AI-Driven Development Insiders Launch: 500 Seats. 24 Hours. 50% Off

Is ChatGPT down for you? You’re not alone – here’s the latest

CVE-2025-6424 – Firefox FontFaceSet Use-After-Free Crash Vulnerability

CVE-2025-50983 – Readarr SQLite Database SQL Injection

CVE-2025-48045 – Apache Client Default Admin Credentials Disclosure

MIT Department of Economics to launch James M. and Cathleen D. Stone Center on Inequality and Shaping the Future of Work

CVE-2025-4176 – PHPGurukul Blood Bank & Donor Management System SQL Injection Vulnerability

CVE-2020-36849 – WordPress AIT CSV Import/Export Plugin Arbitrary File Upload Vulnerability

Related Posts