6 matches found
CVE-2026-5524
The Divi Form Builder plugin for WordPress (versions up to and including 5.1.8) is vulnerable to Unauthenticated Arbitrary File Upload leading to Remote Code Execution. The root cause is insufficient file extension validation in the do_image_upload() function where user-supplied input from accept...
CVE-2026-5524 Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...
EUVD-2026-41368
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...
CVE-2024-38272 Auth Bypass in Quick Share
There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We...
WordPress Work The Flow Plugin 1.2.1 - Arbitrary File Upload
Work The Flow plugin is prone to an arbitrary file upload vulnerability that submit an image file via the wtf upload panel and intercept the POST request to /wp-admin/admin-ajax.php. Solution Edit the data from the control "acceptfiletypes"...
CVE-2007-5092
Summary: CVE-2007-5092 is a directory traversal vulnerability in the Dance Music module’s index.php for phpNuke, exploited when register_globals is enabled. The flaw allows remote attackers to include and execute arbitrary local files by injecting a .. path via an ACCEPT_FILE array parameter to m...