Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-31231

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-20 Dec, 2023 | 18:56
Updated At-02 Aug, 2024 | 14:53
Rejected At-
Credits

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.65 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:20 Dec, 2023 | 18:56
Updated At:02 Aug, 2024 | 14:53
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.65 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.

Affected Products
Vendor
Unlimited Elements
Product
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Collection URL
https://wordpress.org/plugins
Package Name
unlimited-elements-for-elementor
Default Status
unaffected
Versions
Affected
  • From n/a through 1.5.65 (custom)
    • -> unaffectedfrom1.5.66
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to 1.5.66 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Rafie Muhammad (Patchstack)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-65-arbitrary-file-upload-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-65-arbitrary-file-upload-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-65-arbitrary-file-upload-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-65-arbitrary-file-upload-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:20 Dec, 2023 | 19:15
Updated At:14 Oct, 2024 | 13:43

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Secondary3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches
unlimited-elements
unlimited-elements
>>unlimited_elements_for_elementor>>Versions before 1.5.66(exclusive)
cpe:2.3:a:unlimited-elements:unlimited_elements_for_elementor:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primaryaudit@patchstack.com
CWE ID: CWE-434
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-65-arbitrary-file-upload-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-65-arbitrary-file-upload-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

140Records found
CVE-2024-49331
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.49%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:43
Updated-24 Oct, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Property Lot Management System plugin <= 4.2.38 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38.

Action-Not Available
Vendor-myriadsolutionzMyriad Solutionzmyriad_solutionz
Product-property_lot_management_systemProperty Lot Management Systemproperty_lot_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.45% / 62.59%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:34
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Postpix plugin <= 1.1.8 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix allows Upload a Web Shell to a Web Server.This issue affects AI Image Generator for Your Content & Featured Images – AI Postpix: from n/a through 1.1.8.

Action-Not Available
Vendor-Dogu Pekgozpostpix
Product-AI Image Generator for Your Content & Featured Images – AI Postpixai_postpix
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49658
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.49%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:37
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Custom Profile Picture plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ecomerciar Woocommerce Custom Profile Picture allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Custom Profile Picture: from n/a through 1.0.

Action-Not Available
Vendor-Ecomerciarecomerciar
Product-Woocommerce Custom Profile Picturewoocommerce_custom_profile_picture
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-48034
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.49%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:43
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Creates 3D Flipbook, PDF Flipbook plugin <= 1.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Fliperrr Team Creates 3D Flipbook, PDF Flipbook allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through 1.2.

Action-Not Available
Vendor-Fliperrr Teamfliperr_team
Product-Creates 3D Flipbook, PDF Flipbookcreates_3d_flipbook_pdf_flipbook
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-48035
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.49%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:05
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Takayuki Imanishi ACF Images Search And Insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through 1.1.4.

Action-Not Available
Vendor-Takayuki Imanishitakayukiimanishi
Product-ACF Images Search And Insertacf_images_search_and_insert
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-46479
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.59% / 68.23%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 00:00
Updated-13 Jan, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.

Action-Not Available
Vendor-Venki
Product-Supravizio BPM
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4306
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.12% / 32.53%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 11:56
Updated-01 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type vulnerability in HubBank

Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.

Action-Not Available
Vendor-Ofofonobsofofonobs
Product-HubBankhubbank
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4197
Matching Score-4
Assigner-Avaya, Inc.
ShareView Details
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.89% / 74.51%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 04:01
Updated-21 Jan, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avaya IP Office One-X Portal File Upload Vulnerability

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.

Action-Not Available
Vendor-Avaya LLC
Product-ip_officeIP Officeip_office
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-37420
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.85% / 74.05%
||
7 Day CHG+0.17%
Published-09 Jul, 2024 | 10:18
Updated-02 Aug, 2024 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server.This issue affects Zita Elementor Site Library: from n/a through 1.6.1.

Action-Not Available
Vendor-WPZitawpzita
Product-Zita Elementor Site Libraryzita_elementor_site_library
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-37424
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.93% / 75.22%
||
7 Day CHG+0.19%
Published-09 Jul, 2024 | 10:21
Updated-02 Aug, 2024 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8.

Action-Not Available
Vendor-Automattic Inc.
Product-Newspack Blocksnewspack_newsletters
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-37418
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-1.17% / 77.84%
||
7 Day CHG-0.05%
Published-09 Jul, 2024 | 10:15
Updated-02 Aug, 2024 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin plugin <= 4.4.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6.

Action-Not Available
Vendor-Andy Moyleandymoyle
Product-Church Adminchurch_admin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40200
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.43% / 61.65%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 22:00
Updated-20 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpForo Forum plugin <= 2.0.9 - Auth. Arbitrary File Upload vulnerability

Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.

Action-Not Available
Vendor-gvectorsgVectors Team
Product-wpforo_forumwpForo Forum (WordPress plugin)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-34411
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.56% / 67.28%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 08:57
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress canvasio3D Light plugin <= 2.5.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light.This issue affects canvasio3D Light: from n/a through 2.5.0.

Action-Not Available
Vendor-Thomas Scholl
Product-canvasio3D Light
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-32514
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.48% / 64.25%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:58
Updated-09 Jun, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Poll Maker plugin <= 3.4 - Authenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.4.

Action-Not Available
Vendor-infothemePoll Maker & Voting Plugin Team (InfoTheme)
Product-wp_poll_makerWP Poll Maker
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-31286
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.80% / 73.08%
||
7 Day CHG+0.21%
Published-07 Apr, 2024 | 17:30
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Photo Album Plus plugin < 8.6.03.005 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before 8.6.03.005.

Action-Not Available
Vendor-J.N. Breetvelt a.k.a. OpaJaap
Product-WP Photo Album Plus
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-30500
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.77% / 72.58%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 13:35
Updated-27 Feb, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CubeWP plugin <= 1.1.12 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.12.

Action-Not Available
Vendor-cubewpCubeWP
Product-cubewpCubeWP – All-in-One Dynamic Content Framework
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2015-5951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-3.07% / 86.21%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 20:32
Updated-06 Aug, 2024 | 07:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands.

Action-Not Available
Vendor-thomsonreutersn/a
Product-fatcan/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-29135
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.47% / 63.82%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 13:51
Updated-25 Feb, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tourfic plugin <= 2.11.15 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic.This issue affects Tourfic: from n/a through 2.11.15.

Action-Not Available
Vendor-themeficthemefic
Product-tourficTourfictourfic
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2599
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.11% / 29.98%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 14:04
Updated-17 Apr, 2025 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type vulnerability in AMSS++

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.

Action-Not Available
Vendor-amss\+\+_projectAmssplusamssplus
Product-amss\+\+AMSS++amss_plus
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-25909
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.56% / 67.12%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 15:28
Updated-08 May, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Media folder Plugin <= 5.7.2 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.

Action-Not Available
Vendor-JoomUnited
Product-wp_media_folderWP Media folderwp_media_folder
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52407
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.35% / 56.80%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:46
Updated-19 Nov, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BasePress Migration Tools plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through 1.0.0.

Action-Not Available
Vendor-codeSavorycodesavory
Product-BasePress Migration Toolsbasepress_migration_tools
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-47.25% / 97.60%
||
7 Day CHG+1.20%
Published-29 Oct, 2024 | 08:31
Updated-29 Oct, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder.This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136.

Action-Not Available
Vendor-Devsoft Baltic OÜdevsoft_baltic
Product-SurveyJS: Drag & Drop WordPress Form Buildersurveyjs
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-1644
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-9.9||CRITICAL
EPSS-0.31% / 53.79%
||
7 Day CHG~0.00%
Published-19 Feb, 2024 | 23:54
Updated-31 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suite CRM v7.14.2 - RCE via Local File Inclusion

Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.

Action-Not Available
Vendor-SuiteCRM Ltd.SalesAgility Ltd.
Product-suitecrmSuite CRM
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56057
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.28% / 50.94%
||
7 Day CHG+0.04%
Published-18 Dec, 2024 | 18:52
Updated-18 Dec, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.

Action-Not Available
Vendor-VibeThemes
Product-WPLMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56052
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.28% / 50.94%
||
7 Day CHG+0.04%
Published-18 Dec, 2024 | 18:55
Updated-18 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.

Action-Not Available
Vendor-VibeThemes
Product-WPLMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-54262
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-27.48% / 96.24%
||
7 Day CHG+2.16%
Published-13 Dec, 2024 | 14:24
Updated-13 Dec, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import Export For WooCommerce plugin <= 1.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export For WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through 1.5.

Action-Not Available
Vendor-Siddharth Nagar
Product-Import Export For WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51548
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-8.7||HIGH
EPSS-0.17% / 38.60%
||
7 Day CHG~0.00%
Published-05 Dec, 2024 | 12:52
Updated-05 Dec, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dangerous File Upload

Dangerous File Upload vulnerabilities allow upload of malicious scripts.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Action-Not Available
Vendor-ABB
Product-MATRIX SeriesNEXUS SeriesASPECT-Enterpriseaspect_enterprisenexus_seriesmatrix_series
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50480
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.49%
||
7 Day CHG+0.07%
Published-29 Oct, 2024 | 07:58
Updated-29 Oct, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80.

Action-Not Available
Vendor-azexoazexo
Product-Marketing Automation by AZEXOmarketing_automation_by_azexo
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50511
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.45% / 62.59%
||
7 Day CHG+0.07%
Published-30 Oct, 2024 | 07:47
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in David DONISA WP donimedia carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through 1.0.1.

Action-Not Available
Vendor-David DONISA
Product-WP donimedia carousel
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50529
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.38% / 58.69%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:41
Updated-06 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Training – Courses plugin <= 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows Upload a Web Shell to a Web Server.This issue affects Training – Courses: from n/a through 2.0.1.

Action-Not Available
Vendor-rudrainnovativeRudra Innnovative Softwarerudra_innovative_software
Product-training_-_coursesTraining – Coursestraining_courses
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49652
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.49%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:39
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ReneeCussack 3D Work In Progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through 1.0.3.

Action-Not Available
Vendor-ReneeCussackreneecussack
Product-3D Work In Progress3d_work_in_progress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49653
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-61.29% / 98.26%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:38
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Portfolleo plugin <= 1.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in James Eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from n/a through 1.2.

Action-Not Available
Vendor-James Eggersjames_egger
Product-Portfolleoportfolleo
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49669
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.45% / 62.59%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:35
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress INK Official plugin <= 4.1.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through 4.1.2.

Action-Not Available
Vendor-Alexander De Ridderalexander_de_ridder
Product-INK Officialink_official
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49260
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.92% / 75.03%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:38
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7.

Action-Not Available
Vendor-Limblimb
Product-WordPress Gallery Plugin – Limb Image Gallerylimb_image_gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-48027
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.49%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:07
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress External featured image from bing plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through 1.0.2.

Action-Not Available
Vendor-xaraartechxaraartech
Product-External featured image from bingexternal_featured_image_from_bing
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-45076
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.22% / 45.23%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 15:59
Updated-06 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM webMethods Integration code execution

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.

Action-Not Available
Vendor-IBM Corporation
Product-webmethods_integrationwebMethods Integration
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43249
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-3.08% / 86.24%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 17:19
Updated-06 Sep, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4.

Action-Not Available
Vendor-bitappsBit Appsbitapps
Product-bit_formBit Form Probit_form_pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-36987
Matching Score-4
Assigner-Splunk Inc.
ShareView Details
Matching Score-4
Assigner-Splunk Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 69.25%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 16:30
Updated-28 Feb, 2025 | 11:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure File Upload in the indexing/preview REST endpoint

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-cloudsplunkSplunk Cloud PlatformSplunk Enterprise
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-31280
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.44% / 62.14%
||
7 Day CHG+0.12%
Published-07 Apr, 2024 | 17:33
Updated-26 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin plugin <= 4.1.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.

Action-Not Available
Vendor-Andy Moyleandymoyle
Product-Church Adminchurch_admin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-34660
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.17%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.

Action-Not Available
Vendor-jeecgn/a
Product-jeecg_bootn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found