CVE-2023-31585 – Grocery-CMS-PHP Unauthenticated File Upload Vulnerability

May 8, 2025

CVE ID : CVE-2023-31585

Published : May 8, 2025, 9:15 p.m. | 2 hours, 22 minutes ago

Description : Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-28074 – phpList XSS Injection

Next Article CVE-2025-4475 – Here is a potential title for the vulnerability: “Apache Struts Remote Code Execution Vulnerability”

Highlights

CVE-2025-5142 – WordPress Simple Page Access Restriction CSRF Vulnerability

May 30, 2025

CVE ID : CVE-2025-5142

Published : May 30, 2025, 10:15 a.m. | 1 hour, 41 minutes ago

Description : The Simple Page Access Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.31. This is due to missing nonce validation and capability checks in the settings save handler in the settings.php script. This makes it possible for unauthenticated attackers to (1) enable or disable access protection on all post types or taxonomies, (2) force every new page/post to be public or private, regardless of meta-box settings, (3) cause a silent wipe of all plugin data when it’s later removed, or (4) to conduct URL redirection attacks via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2023-31585 – Grocery-CMS-PHP Unauthenticated File Upload Vulnerability

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched

CVE-2025-0966 – IBM InfoSphere Information Server SQL Injection Vulnerability

Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine

What is the Role of User Experience (UX) in Organic Search Rankings

Microsoft Brings TITAN Intelligence System to Security Copilot Guided Response

CVE-2025-35006 – Microhard BulletLTE-NA2 and IPn4Gii-NA2 Command Injection Vulnerability

CVE-2025-5142 – WordPress Simple Page Access Restriction CSRF Vulnerability

CVE-2025-4909 – SourceCodester Client Database Management System Directory Traversal

Critical Linksys Router Flaw (CVE-2025-34037, CVSS 10.0) Actively Exploited by TheMoon Worm

CVE-2025-43850 – Apache Retrieval-Based Voice Conversion WebUI Remote Code Execution

CVE-2023-31585 – Grocery-CMS-PHP Unauthenticated File Upload Vulnerability

Related Posts