Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:11 a.m.4 views

CVE-2025-1028

The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site'...

8.1CVSS7.8AI score0.00748EPSS
Exploits0References1
Circl
Circl
added 2025/02/05 3:23 a.m.5 views

CVE-2025-1028

creationtimestamp| type| source ---|---|--- 2025-02-05 03:23:33+00:00| seen| https://infosec.exchange/users/cve/statuses/113949134865705230 2025-02-05 04:15:31+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhfpk5xebn2t 2025-02-05 04:48:30+00:00| seen|...

8.1CVSS7.8AI score0.00748EPSS
Exploits0References7
CVE
CVE
added 2025/02/05 3:21 a.m.93 views

CVE-2025-1028

CVE-2025-1028 concerns the WordPress Contact Manager plugin (versions ≤ 8.6.4). Root cause: missing file type validation in the contact form upload feature enables unauthenticated arbitrary file uploads. Impact: on affected sites, arbitrary files can be uploaded to the server; in certain configur...

8.1CVSS8.2AI score0.00748EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/05 3:21 a.m.4 views

CVE-2025-1028 Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload

The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site'...

8.1CVSS8.4AI score0.00748EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/05 3:21 a.m.15 views

CVE-2025-1028 Contact Manager <= 8.6.4 - Unauthenticated Arbitrary Double File Extension Upload

The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site'...

8.1CVSS0.00748EPSS
Exploits0References2
Rows per page
Query Builder