230 matches found
Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload
Ninja Forms File Uploads plugin for WordPress versions up to and including 3.3.26 is vulnerable to unauthenticated arbitrary file upload which could lead to remote code execution. id: CVE-2026-0740 info: name: Ninja Forms File Uploads <= 3.3.26 - Arbitrary File Upload author: whattheslime severity...
wpFileManagerExploit
WP File Manager Exploit WP-file-manager WordPress plugin...
PT-2026-34629
Name of the Vulnerable Software and Affected Versions: Breeze Cache versions prior to 2.4.5. Description: An arbitrary file upload issue exists in the Breeze Cache plugin for WordPress, affecting approximately 400,000 active installations. The flaw is located in the fetch gravatar from remote...
EUVD-2026-22830
The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...
PT-2026-30482
UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute...
CVE-2026-32536 WordPress Green Downloads plugin <= 2.08 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files. This issue affects Green Downloads: from n/a through <= 2.08...
CVE-2026-32524 WordPress Photo Engine plugin <= 6.4.9 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server. This issue affects Photo Engine: from n/a through <= 6.4.9...
CVE-2026-27540 WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Using Malicious Files. This issue affects Woocommerce Wholesale Lead Capture: from n/a through <= 2.0.3.1...
CVE-2017-20224
CVE-2017-20224 affects Telesquare SKT LTE Router SDT-CS3B1 1.2.0. The issue is an arbitrary file upload vulnerability via enabled WebDAV HTTP methods (PUT, DELETE, MKCOL, MOVE, COPY, PROPPATCH) that allows unauthenticated attackers to upload executable code and manipulate server content, potentia...
CVE-2026-30821
Flowise prior to 3.0.13 is vulnerable to Arbitrary File Upload via MIME spoofing on the /api/v1/attachments/:chatflowId/:chatId endpoint. The server trusts the client-provided Content-Type (file.mimetype) and does not verify file content or extension, so an attacker can upload malicious files by ...
CVE-2026-24960
CVE-2026-24960 is a WordPress vulnerability in the zozothemes Charety theme (versions
PT-2026-22758
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...
CVE-2025-65875
An arbitrary file upload vulnerability in the AddFont function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file...
EUVD-2025-206697
Arbitrary File Upload in podinfo through 6.9.0 allows unauthenticated attackers to upload arbitrary files via a crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored...
CVE-2011-10041
CVE-2011-10041 affects the WordPress Uploadify plugin (versions up to 1.0). The vulnerability is an arbitrary file upload in process_upload.php caused by missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the web site, which may enable remote code execu...
CVE-2020-24202
File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution...
CVE-2026-22241 Open eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE)
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server's file system...
CVE-2025-67924
CVE-2025-67924 is a WordPress theme vulnerability affecting Corpkit (Corpkit – Business Consulting WordPress Theme)
Priority Web Code Issue Vulnerability
Priority Web is the Web side of an enterprise resource planning system from Priority Israel. A code issue vulnerability exists in Priority Web that stems from an unrestricted upload of a dangerous type of file, which could lead to an arbitrary file upload attack...
CVE-2025-2155 Arbitrary File Upload in EchoCCS's Specto CM
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025...