Lucene search
K

45738 matches found

Vulnrichment
Vulnrichment
added 2026/05/21 9:27 p.m.9 views

CVE-2026-6960 BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS6.5AI score0.00672EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:27 p.m.8 views

CVE-2026-6960

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS6.5AI score0.00672EPSS
Exploits1References3
NVD
NVD
added 2026/05/21 9:16 a.m.17 views

CVE-2026-9157

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...

8.6CVSS0.0012EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:7 a.m.10 views

CVE-2026-9157

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...

8.6CVSS5.8AI score0.0012EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:26 a.m.11 views

WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.70 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Wannes Verwimp in WordPress Plugin Piotnet Addons For Elementor Pro versions = 7.1.70...

9.8CVSS5.8AI score0.00953EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:25 a.m.10 views

WordPress Piotnet Forms plugin <= 2.1.40 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Piotnet Forms versions = 2.1.40...

9.8CVSS5.8AI score0.0081EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/21 7:22 a.m.8 views

WordPress ProSolution WP Client plugin <= 2.0.0 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by snr in WordPress Plugin ProSolution WP Client versions = 2.0.0...

9.8CVSS5.8AI score0.00978EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

WordPress plugin BookingPress Pro 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS6AI score0.00672EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42552

Name of the Vulnerable Software and Affected Versions BookingPress Pro versions prior to 5.7 Description The BookingPress Pro plugin for WordPress allows unauthenticated attackers to upload arbitrary files to the server, which may lead to remote code execution. This occurs due to missing file typ...

9.8CVSS6.2AI score0.00672EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/05/20 7:57 p.m.9 views

CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

9.8CVSS6.2AI score0.00526EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 6:0 p.m.13 views

CVE-2026-45444 WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

10CVSS5.8AI score0.00282EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 6:0 p.m.14 views

EUVD-2026-31149

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6...

10CVSS5.8AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 6:0 p.m.16 views

CVE-2026-45444

CVE-2026-45444 describes an arbitrary file upload vulnerability in the WordPress plugin Gift Cards For WooCommerce Pro (WP Swings Gift Cards For WooCommerce Pro) up to version 4.2.6. The issue is triggered by uploading a file of an unrestricted/ dangerous type, potentially enabling the attacker t...

10CVSS5.8AI score0.00282EPSS
In wildExploits0References1
EUVD
EUVD
added 2026/05/20 5:48 p.m.16 views

EUVD-2026-31146

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended...

9.4CVSS6.5AI score0.00563EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/20 5:2 p.m.12 views

WordPress Gift Cards For WooCommerce Pro plugin <= 4.2.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Joe Bruno, Principal Security Engineer @ Monarx in WordPress Plugin Gift Cards For WooCommerce Pro versions = 4.2.6...

10CVSS5.8AI score0.00282EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/20 2:16 a.m.15 views

CVE-2026-6555

The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and...

9.8CVSS0.00978EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/20 1:25 a.m.11 views

EUVD-2026-31016

The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and...

9.8CVSS6.4AI score0.00978EPSS
Exploits0References9
CVE
CVE
added 2026/05/20 1:25 a.m.19 views

CVE-2026-6555

The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to 2.0.0 due to an array validation mismatch: only the first file in the upload array is validated for extension/MIME type, while all files are saved to a web-accessible directory. This allows una...

9.8CVSS6.4AI score0.00978EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.6 views

CVE-2026-6555

The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and...

9.8CVSS6.4AI score0.00978EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.40 views

CVE-2026-6555 ProSolution WP Client <= 2.0.0 - Unauthenticated Arbitrary File Upload via 'files'

The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and...

9.8CVSS0.00978EPSS
Exploits0References10
Rows per page
Query Builder