5 matches found
CVE-2025-1028
The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site'...
CVE-2025-1028
creationtimestamp| type| source ---|---|--- 2025-02-05 03:23:33+00:00| seen| https://infosec.exchange/users/cve/statuses/113949134865705230 2025-02-05 04:15:31+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhfpk5xebn2t 2025-02-05 04:48:30+00:00| seen|...
CVE-2025-1028
CVE-2025-1028 concerns the WordPress Contact Manager plugin (versions ≤ 8.6.4). Root cause: missing file type validation in the contact form upload feature enables unauthenticated arbitrary file uploads. Impact: on affected sites, arbitrary files can be uploaded to the server; in certain configur...
CVE-2025-1028 Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload
The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site'...
CVE-2025-1028 Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload
The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site'...