CVE-2019-11680

KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image...

CVE-2025-67924 WordPress Corpkit theme <= 2.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server.This issue affects Corpkit: from n/a through = 2.0...

CVE-2025-30996 Arbitrary File Upload Vulnerability in WordPress themes by Themify

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.Thi...

CVE-2025-31048

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4...

CVE-2025-31048 WordPress Shopo <= 1.1.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4...

CVE-2025-31048

CVE-2025-31048 affects WordPress plugin/theme Shopo (Themify Shopo) up to version 1.1.4, with an Unrestricted Upload of File with Dangerous Type vulnerability that can permit uploading a web shell to the server. The issue is described across multiple sources (NVD/Red Hat entries and Patchstack), ...

CVE-2025-52835

Cross-Site Request Forgery CSRF vulnerability in ConoHa by GMO WING WordPress Migrator wing-migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through = 1.2.0...

CVE-2025-52835

Cross-Site Request Forgery CSRF vulnerability in ConoHa by GMO WING WordPress Migrator wing-migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through = 1.2.0...

CVE-2025-52835

Technical details for CVE-2025-52835 are not provided in the supplied documents. No confirmation of affected products, impact, or fixes is available here; please monitor for updates from official advisories.

EUVD-2025-205805

Cross-Site Request Forgery CSRF vulnerability in ConoHa by GMO WING WordPress Migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through 1.1.9...

CVE-2025-52835 WordPress WING WordPress Migrator plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ConoHa by GMO WING WordPress Migrator wing-migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through = 1.2.0...

CVE-2025-52835 WordPress WING WordPress Migrator plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ConoHa by GMO WING WordPress Migrator wing-migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through = 1.2.0...

PT-2025-54199

Name of the Vulnerable Software and Affected Versions ConoHa by GMO WING WordPress Migrator versions through 1.1.9 Description A Cross-Site Request Forgery CSRF issue exists in ConoHa by GMO WING WordPress Migrator. This allows for the upload of a web shell to a web server. Exploitation requires ...

CVE-2025-68562 WordPress MapSVG plugin <= 8.7.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3...

Exploit for CVE-2025-15495

CVE-2025-15495 - Arbitrary File Upload Leading to Remote Code...

CVE-2021-47736 CMSimple_XH 1.7.4 Authenticated Remote Code Execution via Content Editing

CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...

CVE-2021-47736 CMSimple_XH 1.7.4 Authenticated Remote Code Execution via Content Editing

CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...

CVE-2023-53950 InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

CVE-2025-68109

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...

📄 FlatPress 1.3 Shell Upload

FlatPress version 1.3 remote shell upload proof of concept exploit that leverages a cross site request forgery vulnerability. ============================================================================================================================================= | Title : FlatPress 1.3 shell...