CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpdispatcherprocessupload function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

7.5CVSS0.00466EPSS

Exploits0References2

Cvelist•added 2025/10/03 11:17 a.m.•6 views

CVE-2025-9212 WP Dispatcher <= 1.2.0 - Authenticated (Subscriber+) Arbitrary File Upload

7.5CVSS0.00466EPSS

Exploits0References2

EUVD•added 2025/10/03 11:17 a.m.•2 views

EUVD-2025-32247

7.5CVSS7.2AI score0.00466EPSS

Exploits0References3

CVE•added 2025/10/03 11:17 a.m.•17 views

CVE-2025-9212

The CVE refers to WP Dispatcher for WordPress (plugin) with Arbitrary File Upload via wp_dispatcher_process_upload() in all versions up to 1.2.0. Affected: WordPress plugin WP Dispatcher; attacker must be authenticated at Subscriber level or higher. Impact: upload of arbitrary files that could le...

7.5CVSS7.3AI score0.00466EPSS

Exploits0References2

Positive Technologies•added 2025/10/03 12:0 a.m.•2 views

PT-2025-40491

Name of the Vulnerable Software and Affected Versions WP Dispatcher plugin for WordPress versions prior to 1.2.1 Description The WP Dispatcher plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the wp dispatcher process upload function...

7.5CVSS7.3AI score0.00466EPSS

Exploits0References5

RedhatCVE•added 2025/10/01 4:23 a.m.•3 views

CVE-2025-10000

The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blobtofile function in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS7.3AI score0.00353EPSS

Exploits0References1

Vulnrichment•added 2025/09/30 3:35 a.m.•4 views

CVE-2025-10000 Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload

6.4CVSS6.9AI score0.00353EPSS

Exploits0References2

Positive Technologies•added 2025/09/30 12:0 a.m.•3 views

PT-2025-39947

Name of the Vulnerable Software and Affected Versions Post By Email versions through 1.0.4b Description The Post By Email plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the save attachments function. This allows unauthenticated...

9.8CVSS7.8AI score0.00663EPSS

Exploits0References10

Positive Technologies•added 2025/09/30 12:0 a.m.•3 views

PT-2025-39928

Name of the Vulnerable Software and Affected Versions Qyrr – simply and modern QR-Code creation plugin for WordPress versions through 2.0.7 Description The Qyrr plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the blob to file function...

6.4CVSS7.8AI score0.00353EPSS

Exploits0References5

RedhatCVE•added 2025/09/27 5:34 a.m.•13 views

CVE-2025-10747

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

7.2CVSS7.3AI score0.00606EPSS

Exploits0References1

NVD•added 2025/09/26 6:15 a.m.•4 views

CVE-2025-10747

7.2CVSS0.00606EPSS

Exploits0References4

CVE•added 2025/09/26 5:27 a.m.•19 views

CVE-2025-10747

CVE-2025-10747 - WP-DownloadManager (WordPress) is validated by Wordfence as an authenticated, high-severity vulnerability: missing file-type validation in download-add.php allows an Administrator+ attacker to upload arbitrary files on the server, potentially enabling remote code execution. Affec...

7.2CVSS7AI score0.00606EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by