CVE-2025-4413 – Pixabay Images for WordPress File Upload Vulnerability

June 18, 2025

CVE ID : CVE-2025-4413

Published : June 18, 2025, 3:15 a.m. | 3 hours, 15 minutes ago

Description : The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-50202 – Lychee Path Traversal Vulnerability

Next Article CVE-2025-23252 – NVIDIA NVDebug Unrestricted Access Information Disclosure Vulnerability

Highlights

CVE-2025-4951 – Rapid7 AppSpider Pro Stored Cross-Site Scripting Vulnerability

May 20, 2025

CVE ID : CVE-2025-4951

Published : May 20, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the “ScanName” field.
Despite the application preventing the inclusion of special characters within the “ScanName” field, this could be bypassed by modifying the configuration file directly.

This is fixed as of version 7.5.018

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Representative Line: Brace Yourself

Beyond the Pilot: A Playbook for Enterprise-Scale Agentic AI

GitHub launches MCP Registry to provide central location for trusted servers

MongoDB brings Search and Vector Search to self-managed versions of database

Distribution Release: Security Onion 2.4.180

Distribution Release: Omarchy 3.0.1

Distribution Release: Mauna Linux 25

Distribution Release: SparkyLinux 2025.09

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Shopping Portal using Python Django & MySQL

Perficient Earns Adobe’s Real-time CDP Specialization

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Review: Elecrow’s All-in-one Starter Kit for Pico 2

FOSS Weekly #25.38: GNOME 49 Release, KDE Drama, sudo vs sudo-rs, Local AI on Android and More Linux Stuff

CVE-2025-4413 – Pixabay Images for WordPress File Upload Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-38347 – F2FS Inline Data Corruption Denial of Service (DoS) Vulnerability

CVE-2025-4722 – iSourcecode Placement Management System SQL Injection

Facebook exploit allowed attackers to remotely delete photos

Why Hiring a Fractional CFO in Singapore is a Game-Changer for SMEs

CVE-2025-4951 – Rapid7 AppSpider Pro Stored Cross-Site Scripting Vulnerability

CVE-2025-51865 – Allenai Ai2 Playground Web Service IDOR

How Goldman Sachs Deployed its AI Platform

CVE-2025-3912 – WordPress WS Form LITE Unauthorized Data Access Vulnerability

CVE-2025-4413 – Pixabay Images for WordPress File Upload Vulnerability

Related Posts