Lucene search
K

89 matches found

NVD
NVD
added 2025/04/19 8:15 a.m.31 views

CVE-2021-4455

The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server whic...

9.8CVSS0.00688EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/10 3:29 a.m.21 views

CVE-2025-2525

The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'stAuthenticationController::editprofile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above...

8.8CVSS7.8AI score0.00874EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/04 7:0 a.m.8 views

CVE-2025-2780 Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload

The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS8AI score0.00759EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.5 views

WordPress plugin Booster for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

9.8CVSS8.6AI score0.00645EPSS
Exploits0References2
OSV
OSV
added 2025/03/19 12:15 p.m.4 views

CVE-2025-2512

The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

9.8CVSS6.5AI score0.00888EPSS
Exploits0References3
OSV
OSV
added 2025/02/12 12:15 p.m.4 views

CVE-2024-10960

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

8.8CVSS7.9AI score0.00893EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 4:35 a.m.8 views

CVE-2024-9659

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mjsmgtuseravatarimageupload function in all versions up to, and including, 91.5.0. This makes it possible for unauthenticated attackers to upload...

9.8CVSS8AI score0.01612EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:23 a.m.10 views

CVE-2024-9290

The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibkrestoremigratecheck function in all versions up to, and including, 2.3.3. This makes it possible for...

9.8CVSS7.8AI score0.03549EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:55 a.m.13 views

CVE-2024-6220

The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS8AI score0.35708EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/14 8:23 a.m.22 views

CVE-2025-0394 Groundhogg <= 3.7.3.5 - Authenticated (Author+) Arbitrary File Upload via gh_big_file_upload Function

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ghbigfileupload function in all versions up to, and including, 3.7.3.5. This makes it possible for...

8.8CVSS0.01116EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2024/11/30 2:43 a.m.82 views

Exploit for CVE-2024-52380

CVE-2024-52380 Picsmize = 1.0.0 - Unauthenticated Arbitrar...

10CVSS9.8AI score0.01535EPSS
Exploits3
OSV
OSV
added 2024/11/23 8:15 a.m.1 views

CVE-2024-9660

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mjsmgtloaddocumetsnew and mjsmgtloaddocumets functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attacker...

8.8CVSS7.9AI score0.0103EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/23 12:0 a.m.2 views

WordPress plugin School Management System 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in WordPress plugin...

8.8CVSS8.1AI score0.0103EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/23 12:0 a.m.10 views

PT-2024-39955 · WordPress · Wpgym

Name of the Vulnerable Software and Affected Versions: WPGYM - Wordpress Gym Management System plugin for WordPress versions up to, and including, 67.1.0 Description: The issue is related to arbitrary file uploads due to missing file type validation in the MJ gmgt user avatar image upload functio...

9.8CVSS9.9AI score0.01145EPSS
Exploits0References8
OSV
OSV
added 2024/11/16 5:15 a.m.4 views

CVE-2024-8856

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticat...

9.8CVSS7.9AI score0.93709EPSS
Exploits7References5
OSV
OSV
added 2024/11/13 4:15 a.m.2 views

CVE-2024-10820

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

9.8CVSS6.4AI score
Exploits0References2
OSV
OSV
added 2024/11/06 9:15 a.m.3 views

CVE-2024-8615

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearchlocationloadexcelfilecallback function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS7.9AI score0.00829EPSS
Exploits0References2
OSV
OSV
added 2024/10/29 4:15 p.m.6 views

CVE-2024-7985

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizerajaxhandler" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with...

8.8CVSS6.4AI score0.02235EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/10/16 7:31 a.m.36 views

CVE-2016-15042 Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload

The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible for unauthenticated...

9.8CVSS8.3AI score0.05515EPSS
Exploits2References6
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.11 views

WordPress plugin Frontend File Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

9.8CVSS7AI score0.05515EPSS
Exploits2References8
Rows per page
Query Builder