CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-22654 – WordPress Simplified Plugin Plugin <= 1.0.6 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-22654
03 Jan 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified allows Using Malicious Files. This issue affects Simplified: from n/a through 1.0.6. The Simplified Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/McTavishSue/CVE-2025-22654 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 40%CPEs: 1EXPL: 3CVE-2017-1002008 – Membership Simplified <= 1.58 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2017-1002008
13 Mar 2017 — Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. Existe una vulnerabilidad en el plugin membership-simplified-for-oap-members-only v1.58 de WordPress. El código de descarga de archivos en membership-simplified-for-oap-members-only/download.php no verifica si un usuario ha iniciado sesión y si tiene privilegios de des... • https://packetstorm.news/files/id/141677 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7554
https://notcve.org/view.php?id=CVE-2014-7554
20 Oct 2014 — The Bouqs - Flowers Simplified (aka com.bouqs.activity) application 1.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android Bouqs - Flowers Simplified (también conocido como com.bouqs.activity) 1.8.4 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensib... • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues •