Lucene search
K

6 matches found

CVE
CVE
added 2026/07/02 12:34 p.m.24 views

CVE-2026-5524

The Divi Form Builder plugin for WordPress (versions up to and including 5.1.8) is vulnerable to Unauthenticated Arbitrary File Upload leading to Remote Code Execution. The root cause is insufficient file extension validation in the do_image_upload() function where user-supplied input from accept...

9.8CVSS6AI score0.00542EPSS
In wildExploits0References2
Cvelist
Cvelist
added 2026/07/02 12:34 p.m.36 views

CVE-2026-5524 Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS0.00542EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 12:34 p.m.8 views

EUVD-2026-41368

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the doimageupload function where user-supplied input from the acceptFileTypes POST...

9.8CVSS6AI score0.00542EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/26 3:19 p.m.33 views

CVE-2024-38272 Auth Bypass in Quick Share

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We...

7.1CVSS6.5AI score0.0021EPSS
Exploits0References2
Patchstack
Patchstack
added 2014/04/24 12:0 a.m.11 views

WordPress Work The Flow Plugin 1.2.1 - Arbitrary File Upload

Work The Flow plugin is prone to an arbitrary file upload vulnerability that submit an image file via the wtf upload panel and intercept the POST request to /wp-admin/admin-ajax.php. Solution Edit the data from the control "acceptfiletypes"...

3.3AI score
Exploits0References1Affected Software1
CVE
CVE
added 2007/09/26 8:0 p.m.45 views

CVE-2007-5092

Summary: CVE-2007-5092 is a directory traversal vulnerability in the Dance Music module’s index.php for phpNuke, exploited when register_globals is enabled. The flaw allows remote attackers to include and execute arbitrary local files by injecting a .. path via an ACCEPT_FILE array parameter to m...

6.8CVSS7.2AI score0.02302EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder