VYPR

Beeteam368 Extensions

by WordPress

CVEs (4)

  • CVE-2025-25174CriAug 14, 2025
    risk 0.65cvss 10.0epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions beeteam368-extensions allows PHP Local File Inclusion.This issue affects BeeTeam368 Extensions: from n/a through <= 1.9.4.

  • CVE-2025-6423HigJul 12, 2025
    risk 0.57cvss 8.8epss 0.01

    The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_submit_upload_file() function in all versions up to, and including, 2.3.5. This makes it possible for authenticated attackers with…

  • CVE-2025-6381Jun 28, 2025
    risk 0.00cvss epss 0.01

    The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform…

  • CVE-2025-6379Jun 28, 2025
    risk 0.00cvss epss 0.01

    The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_live_fn() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions…