Lucene search
K

45738 matches found

Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.13 views

CVE-2026-6555 ProSolution WP Client <= 2.0.0 - Unauthenticated Arbitrary File Upload via 'files'

The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files are processed and...

9.8CVSS6.4AI score0.00978EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

wordpress plugin Gift Cards For WooCommerce Pro 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

10CVSS5.9AI score0.00282EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.17 views

PT-2026-42070

Name of the Vulnerable Software and Affected Versions ProSolution WP Client versions prior to 2.0.1 Description The ProSolution WP Client plugin for WordPress allows unauthenticated attackers to upload malicious PHP files, potentially leading to remote code execution. This occurs due to an array...

9.8CVSS6.1AI score0.00978EPSS
Exploits0References15
OSV
OSV
added 2026/05/19 4:31 p.m.6 views

GHSA-82RC-GXRG-V4GF Budibase: Unrestricted Upload of File with Dangerous Type

Summary The file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions html, svg, js, php, etc. are conditionally wrapped inside if isPublicUser or if isPublicUser || !env.SELFHOSTED, meaning an...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/19 4:31 p.m.14 views

Budibase: Unrestricted Upload of File with Dangerous Type

Summary The file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions html, svg, js, php, etc. are conditionally wrapped inside if isPublicUser or if isPublicUser || !env.SELFHOSTED, meaning an...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/19 4:16 p.m.12 views

CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

9.8CVSS0.00526EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 1:16 p.m.19 views

CVE-2026-4883

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8CVSS0.0081EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 11:18 a.m.41 views

CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8CVSS0.0081EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 11:18 a.m.16 views

CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8CVSS6.5AI score0.0081EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 11:18 a.m.12 views

EUVD-2026-30892

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8CVSS6.5AI score0.0081EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 11:18 a.m.6 views

CVE-2026-4883

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8CVSS6.5AI score0.0081EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 11:18 a.m.14 views

CVE-2026-4883

Piotnet Forms for WordPress (v2.1.40 and earlier) is affected by a vulnerability in the piotnetforms_ajax_form_builder function, where missing file type validation and an incomplete extension blacklist allow unauthenticated arbitrary file uploads. Since the blacklist only blocks php, phpt, php5, ...

9.8CVSS6.5AI score0.0081EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 9:22 a.m.9 views

CVE-2026-31379 Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

5.8AI score0.00588EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:22 a.m.38 views

CVE-2026-31379 Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

0.00588EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:22 a.m.21 views

CVE-2026-31379

CVE-2026-31379 affects Apache OFBiz prior to version 24.09.06. The incident combines multiple flaws: improper neutralization of input (XSS), path traversal restricting directory access, and improper generation of code, enabling a path traversal/file upload validation bypass with potential arbitra...

6.1CVSS5.8AI score0.00588EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/19 8:16 a.m.19 views

CVE-2026-4885

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS0.00953EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/05/19 6:46 a.m.13 views

CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References2
EUVD
EUVD
added 2026/05/19 6:46 a.m.20 views

EUVD-2026-30849

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References2
CVE
CVE
added 2026/05/19 6:46 a.m.42 views

CVE-2026-4885

The affected product is the Piotnet Addons for Elementor Pro plugin for WordPress. A vulnerability exists in the pafe_ajax_form_builder function across all versions up to and including 7.1.70 due to missing file type validation and an incomplete extension blacklist that blocks only a limited set ...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/05/19 6:46 a.m.43 views

CVE-2026-4885 Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS0.00953EPSS
Exploits2References2
Rows per page
Query Builder