89 matches found
CVE-2021-4455
The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server whic...
CVE-2025-2525
The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'stAuthenticationController::editprofile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above...
CVE-2025-2780 Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload
The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress plugin Booster for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
CVE-2025-2512
The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
CVE-2024-10960
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2024-9659
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mjsmgtuseravatarimageupload function in all versions up to, and including, 91.5.0. This makes it possible for unauthenticated attackers to upload...
CVE-2024-9290
The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibkrestoremigratecheck function in all versions up to, and including, 2.3.3. This makes it possible for...
CVE-2024-6220
The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-0394 Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ghbigfileupload function in all versions up to, and including, 3.7.3.5. This makes it possible for...
Exploit for CVE-2024-52380
CVE-2024-52380 Picsmize = 1.0.0 - Unauthenticated Arbitrar...
CVE-2024-9660
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mjsmgtloaddocumetsnew and mjsmgtloaddocumets functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attacker...
WordPress plugin School Management System 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in WordPress plugin...
PT-2024-39955 · WordPress · Wpgym
Name of the Vulnerable Software and Affected Versions: WPGYM - Wordpress Gym Management System plugin for WordPress versions up to, and including, 67.1.0 Description: The issue is related to arbitrary file uploads due to missing file type validation in the MJ gmgt user avatar image upload functio...
CVE-2024-8856
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticat...
CVE-2024-10820
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...
CVE-2024-8615
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearchlocationloadexcelfilecallback function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary...
CVE-2024-7985
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizerajaxhandler" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with...
CVE-2016-15042 Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload
The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible for unauthenticated...
WordPress plugin Frontend File Manager 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...