CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added yesterday•17 views

Adning Advertising <= 1.5.5 - Arbitrary File Upload

The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ninguploadimage function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...

9.8CVSS8AI score0.06944EPSS

Exploits1References4

EUVD•added 3 days ago•8 views

EUVD-2026-38110

A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS6.1AI score

CVE•added 3 days ago•38 views

CVE-2026-48908

SP Page Builder for Joomla (joomshaper.com) is affected by CVE-2026-48908. Versions prior to 6.6.12 allow unauthenticated users to upload arbitrary files, enabling PHP code upload and execution. This vulnerability can impact confidentiality, integrity, and availability of the affected site. The C...

10CVSS6.1AI score

Vulnrichment•added 3 days ago•5 views

CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...

10CVSS6.1AI score

EUVD•added 5 days ago•7 views

EUVD-2026-37852

The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...

6.5CVSS5.9AI score0.00215EPSS

Positive Technologies•added 6 days ago•15 views

PT-2026-50598

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.1 Description Unauthenticated users with network access can upload unlimited amounts of data to the server, which can lead to disk space exhaustion and a subsequent denial-of-service. Additionally, the server lea...

9.3CVSS5.9AI score

Exploits0References5

Vulnrichment•added 2026/06/15 12:0 p.m.•6 views

CVE-2018-25436 WordPress Plugin Baggage Freight Shipping Australia 0.1.0 Arbitrary File Upload

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...

9.8CVSS6AI score0.00661EPSS

Positive Technologies•added 2026/06/10 12:0 a.m.•10 views

PT-2026-48389

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

5.5AI score0.00256EPSS

Exploits1References2

CNNVD•added 2026/06/10 12:0 a.m.•11 views

WordPress plugin Schema and Structured Data for WP and AMP 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.1CVSS5.5AI score0.00256EPSS

Exploits1References2

NVD•added 2026/06/08 2:16 a.m.•13 views

CVE-2024-58348

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...

9.8CVSS0.00767EPSS

EUVD•added 2026/06/08 1:55 a.m.•9 views

EUVD-2024-55614

9.8CVSS6.7AI score0.00767EPSS

RedhatCVE•added 2026/06/05 7:17 p.m.•4 views

CVE-2026-6271

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes...

9.8CVSS6.3AI score0.00665EPSS

RedhatCVE•added 2026/06/05 7:10 p.m.•9 views

CVE-2026-35546

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell...

9.8CVSS5.6AI score0.00587EPSS

Positive Technologies•added 2026/05/21 12:0 a.m.•8 views

PT-2026-42552

Name of the Vulnerable Software and Affected Versions BookingPress Pro versions prior to 5.7 Description The BookingPress Pro plugin for WordPress allows unauthenticated attackers to upload arbitrary files to the server, which may lead to remote code execution. This occurs due to missing file typ...

9.8CVSS6.2AI score0.00672EPSS

Exploits1References7

CNNVD•added 2026/05/17 12:0 a.m.•8 views

WordPress plugin Peugeot Music 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.9AI score0.00515EPSS

RedhatCVE•added 2026/05/11 8:25 p.m.•3 views

CVE-2021-47933

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the configfile endpoint to achieve remote code...

9.8CVSS6.5AI score0.00587EPSS

EUVD•added 2026/05/10 3:31 p.m.•13 views

EUVD-2021-34795

9.8CVSS6.5AI score0.00587EPSS