Lucene search
+L

14154 matches found

CVE
CVE
added 2026/07/10 3:31 a.m.11 views

CVE-2026-13430

The WordPress plugin Post Export Import with Media (versions up to 1.13.1) is vulnerable to Arbitrary File Upload. The root cause is insufficient file extension validation during ZIP import: the extension allow-list check in ajax_import_media_start() uses pathinfo() on the raw ZIP entry name, so ...

7.2CVSS6.6AI score0.00615EPSS
Exploits0References7
CVE
CVE
added 2026/07/10 2:30 a.m.16 views

CVE-2026-14894

The CVE concerns the WordPress plugin Super Forms – Drag & Drop Form Builder. All versions up to 6.3.313 are vulnerable to Arbitrary File Upload via the submit_form function due to missing file type validation and absence of any capability check on the submit_form nopriv AJAX handler; the only ba...

9.8CVSS6.6AI score0.00523EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/07/10 2:30 a.m.34 views

CVE-2026-14894 Super Forms <= 6.3.313 - Unauthenticated Arbitrary File Upload via 'data' Parameter (datauristring / value)

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submitform function. This is due to missing file type validation and the absence of any capability check on the submitform nopriv AJAX...

9.8CVSS0.00523EPSS
Exploits2References2
Patchstack
Patchstack
added 2026/07/09 3:21 p.m.9 views

WordPress Post Export Import with Media plugin <= 1.13.1 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by ? in WordPress Plugin Post Export Import with Media versions = 1.13.1...

7.2CVSS5.9AI score0.00615EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/09 2:42 p.m.4 views

WordPress WoowBot Pro Max plugin <= 14.1.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Jamaal ahmed in WordPress Plugin WoowBot Pro Max versions = 14.1.7...

9.9CVSS6.1AI score0.00328EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/09 1:24 p.m.8 views

WordPress Aimogen Pro plugin <= 2.8.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Aimogen Pro versions = 2.8.3...

10CVSS6.1AI score0.00358EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/09 11:16 a.m.9 views

CVE-2026-56291

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS0.00836EPSS
Exploits5References3
NVD
NVD
added 2026/07/09 10:16 a.m.17 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS0.00995EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/09 9:53 a.m.15 views

CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6AI score0.00836EPSS
Exploits5References2
EUVD
EUVD
added 2026/07/09 9:53 a.m.7 views

EUVD-2026-42573

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6AI score0.00836EPSS
Exploits5References2
CVE
CVE
added 2026/07/09 9:53 a.m.147 views

CVE-2026-56291

The CVE-2026-56291 entry concerns the Joomla extension Balbooa Forms, where an unauthenticated arbitrary file upload vulnerability allows uploading executable files and leads to full RCE. Affected version is Balbooa Forms

10CVSS6AI score0.00836EPSS
In wildExploits5References3Affected Software1
EUVD
EUVD
added 2026/07/09 8:31 a.m.7 views

EUVD-2026-42549

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/09 8:31 a.m.32 views

CVE-2026-15158 Blocksy Companion <= 2.1.46 - Unauthenticated Arbitrary File Upload via 'blc-review-images[]' Parameter

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS0.00995EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/09 8:31 a.m.8 views

CVE-2026-15158

The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.1.46 via the saveattachments function. This is due to the Custom Fonts extension registering a wpcheckfiletypeandext filter that approves any filename containing .woff2 or .tt...

9.8CVSS6.6AI score0.00995EPSS
Exploits0References4
CVE
CVE
added 2026/07/09 8:31 a.m.20 views

CVE-2026-15158

Blocksy Companion

9.8CVSS6.6AI score0.00995EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.8 views

PT-2026-56962

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.13 views

PT-2026-56777

Name of the Vulnerable Software and Affected Versions Balbooa Forms versions prior to 2.4.1 Description The Joomla extension Balbooa Forms, installed as the com baforms component, contains a flaw in its frontend attachment upload functionality. This issue allows an unauthenticated anonymous visit...

10CVSS6.8AI score0.00836EPSS
Exploits5References43
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.10 views

PT-2026-56939

Missing Authorization vulnerability in vowelweb VW Wedding vw-wedding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Wedding: from n/a through = 1.3.7...

5.3CVSS6.1AI score0.00293EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.6 views

PT-2026-56936

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...

8.5CVSS6.1AI score0.00253EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.8 views

PT-2026-56942

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through = 0.22...

6.5CVSS6.1AI score0.00218EPSS
Exploits0References3
Rows per page
Query Builder