WordPress MW WP Form plugin <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys vulnerability

Unauthenticated Arbitrary File Move via regenerateuploadfilekeys vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin MW WP Form versions = 5.1.1...

CVE-2025-10488

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the addlistingaction AJAX action in all versions up to, and including, 8.4.8. This makes it possible for...

PT-2025-43716

Name of the Vulnerable Software and Affected Versions Directorist versions up to and including 8.4.8 Description The Directorist plugin for WordPress is susceptible to arbitrary file move due to inadequate file path validation within the add listing action AJAX action. This allows unauthenticated...

CVE-2025-7360

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handlefilesupload function in all versions up to, and including, 2.2.1. This makes it possible for...