52 matches found
CVE-2024-5630
The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites...
CVE-2023-0255
The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites...
WordPress plugin StoreKeeper for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
PT-2025-22771
Name of the Vulnerable Software and Affected Versions ELEX WordPress HelpDesk & Customer Ticketing System versions 3.2.7 and earlier Description The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. Recommendations...
PT-2025-22768 · Woocommerce · Printcart Web To Print Product Designer
Name of the Vulnerable Software and Affected Versions: Printcart Web to Print Product Designer for WooCommerce versions 2.3.8 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can lead to...
CVE-2025-46264
CVE-2025-46264 (PowerPress Podcasting) is an Unrestricted Upload of Dangerous File vulnerability in the WordPress PowerPress Podcasting plugin. Affected: PowerPress Podcasting, versions up to 11.12.5. Impact: attacker can upload a web shell to the web server, enabling arbitrary file upload and po...
PT-2025-17162 · Joomsky · Joomsky Js Job Manager
Name of the Vulnerable Software and Affected Versions: JoomSky JS Job Manager versions n/a through 2.0.2 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. Recommendations: For versions n/a through...
CVE-2025-39538 WordPress WP-Advanced-Search <= 3.3.9.3 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Mathieu Chartier WP-Advanced-Search allows Upload a Web Shell to a Web Server. This issue affects WP-Advanced-Search: from n/a through 3.3.9.3...
CVE-2025-39538 WordPress WP-Advanced-Search plugin <= 3.3.9.4 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Mathieu Chartier WP-Advanced-Search wp-advanced-search allows Upload a Web Shell to a Web Server.This issue affects WP-Advanced-Search: from n/a through = 3.3.9.4...
CVE-2025-32579 WordPress Sync Posts Plugin <= 1.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server.This issue affects Sync Posts: from n/a through = 1.0...
CVE-2024-52490
Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through = 2.5.1...
PT-2025-2645 · Unknown · Themeglow Jobboard
Name of the Vulnerable Software and Affected Versions: ThemeGlow JobBoard Job listing versions 1.2.6 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited by uploading a...
CVE-2024-56046 WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9...
CVE-2024-56057
CVE-2024-56057 affects the WPLMS plugin for WordPress (WPLMS
PT-2024-36143 · Woocommerce · Import Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: Import Export For WooCommerce versions 1.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation...
PT-2024-35244 · Unknown · B-Banner Slider
Name of the Vulnerable Software and Affected Versions: B-Banner Slider versions 1.1 and earlier Description: The issue is related to an unrestricted upload of files with dangerous types, allowing an attacker to upload a web shell to a web server. This poses a severe cybersecurity risk...
PT-2024-35209 · Webtechglobal · Webtechglobal Easy Csv Importer
Name of the Vulnerable Software and Affected Versions: WebTechGlobal Easy CSV Importer BETA versions n/a through 7.0.0 Description: The issue allows for the unrestricted upload of files with dangerous types, potentially enabling the upload of a web shell to a web server. This poses a significant...
PT-2024-34302 · Unknown · Woocommerce +1
Name of the Vulnerable Software and Affected Versions: Plug your WooCommerce into the largest catalog of customized print products from Helloprint versions n/a through 2.0.2 Description: The issue allows an attacker to upload a web shell to a web server due to an unrestricted upload of file with...
PT-2024-34303
Name of the Vulnerable Software and Affected Versions: Multi Purpose Mail Form versions n/a through 1.0.2 Description: The issue allows users to upload dangerous files, potentially leading to a web server compromise by uploading a web shell. This can happen due to an unrestricted upload of file...
PT-2024-34261 · Unknown · Mahlamusa Multi Purpose Mail Form
Name of the Vulnerable Software and Affected Versions: Mahlamusa Multi Purpose Mail Form versions 1.0.2 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, potentially enabling an attacker to upload a web shell to a web server. Recommendations: For...