Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical0
High2
Medium0
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2025-07-15

CVE-2025-6423 - Beeteam368 Extensions Plugin

The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_submit_upload_file() function in all versions up to, and including, 2.3.5. This makes it possible for authenticated attackers with Subscriber-level access or higher to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN Beeteam368 Extensions

CVE-2025-6423

HIGH CVSS 8.8 2025-07-12
Open Full Technical Breakdown
Threat Entry Updated 2025-07-07

CVE-2025-6381 - Beeteam368 Extensions Plugin

The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover.

PLUGIN Beeteam368 Extensions

CVE-2025-6381

HIGH CVSS 8.8 2025-06-28
Open Full Technical Breakdown
Scroll to top