Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-46815

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Oct, 2023 | 00:00
Updated At-09 Sep, 2024 | 16:04
Rejected At-
Credits

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Oct, 2023 | 00:00
Updated At:09 Sep, 2024 | 16:04
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-011/
N/A
Hyperlink: https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-011/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-011/
x_transferred
Hyperlink: https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-011/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
SugarCRM Inc.sugarcrm
Product
sugarcrm
CPEs
  • cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 12.0.0 before 12.0.4 (custom)
  • From 13.0.0 before 13.0.2 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Oct, 2023 | 04:15
Updated At:07 Nov, 2023 | 20:46

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

SugarCRM Inc.
sugarcrm
>>sugarcrm>>Versions from 12.0.0(inclusive) to 12.0.4(exclusive)
cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:enterprise:*:*:*
SugarCRM Inc.
sugarcrm
>>sugarcrm>>Versions from 12.0.0(inclusive) to 12.0.4(exclusive)
cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:sell:*:*:*
SugarCRM Inc.
sugarcrm
>>sugarcrm>>Versions from 12.0.0(inclusive) to 12.0.4(exclusive)
cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:serve:*:*:*
SugarCRM Inc.
sugarcrm
>>sugarcrm>>13.0.0
cpe:2.3:a:sugarcrm:sugarcrm:13.0.0:*:*:*:enterprise:*:*:*
SugarCRM Inc.
sugarcrm
>>sugarcrm>>13.0.0
cpe:2.3:a:sugarcrm:sugarcrm:13.0.0:*:*:*:sell:*:*:*
SugarCRM Inc.
sugarcrm
>>sugarcrm>>13.0.0
cpe:2.3:a:sugarcrm:sugarcrm:13.0.0:*:*:*:serve:*:*:*
SugarCRM Inc.
sugarcrm
>>sugarcrm>>13.0.1
cpe:2.3:a:sugarcrm:sugarcrm:13.0.1:*:*:*:enterprise:*:*:*
SugarCRM Inc.
sugarcrm
>>sugarcrm>>13.0.1
cpe:2.3:a:sugarcrm:sugarcrm:13.0.1:*:*:*:sell:*:*:*
SugarCRM Inc.
sugarcrm
>>sugarcrm>>13.0.1
cpe:2.3:a:sugarcrm:sugarcrm:13.0.1:*:*:*:serve:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarynvd@nist.gov
CWE ID: CWE-434
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-011/cve@mitre.org
Vendor Advisory
Hyperlink: https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-011/
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

912Records found

CVE-2025-2006
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.80% / 52.05%
||
7 Day CHG+0.05%
Published-29 Mar, 2025 | 07:03
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inline Image Upload for BBPress <= 1.1.19 - Authenticated (Subscriber+) Arbitrary File Upload

The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the "Allow guest users without accounts to create topics and replies" setting is enabled.

Action-Not Available
Vendor-berrypress
Product-Inline Image Upload for BBPress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2013-3591
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-43.10% / 98.56%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 14:15
Updated-06 Aug, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability

Action-Not Available
Vendor-vtigervTiger CRM
Product-vtiger_crmvTiger CRM
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-20274
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.38% / 30.00%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 16:16
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_intelligence_centerunified_contact_center_expressCisco Unified Contact Center ExpressCisco Unified Intelligence Center
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-20067
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.26% / 66.12%
||
7 Day CHG~0.00%
Published-20 Jun, 2023 | 00:00
Updated-11 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter.

Action-Not Available
Vendor-ebcmsn/a
Product-ebcmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42029
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 48.73%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-14 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.

Action-Not Available
Vendor-chamilon/a
Product-chamilon/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42198
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.98% / 57.88%
||
7 Day CHG~0.00%
Published-20 Oct, 2022 | 00:00
Updated-08 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload.

Action-Not Available
Vendor-simple_exam_reviewer_management_system_projectn/a
Product-simple_exam_reviewer_management_systemn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-42229
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.00% / 58.37%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-19 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php.

Action-Not Available
Vendor-wedding_planner_projectn/a
Product-wedding_plannern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-36426
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.06% / 60.35%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.

Action-Not Available
Vendor-phpwcmsn/a
Product-phpwcmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-15199
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 14.73%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 18:02
Updated-24 Feb, 2026 | 06:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects College Notes Uploading System userprofile.php unrestricted upload

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-college_notes_uploading_systemCollege Notes Uploading System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-15423
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 23.23%
||
7 Day CHG~0.00%
Published-02 Jan, 2026 | 02:02
Updated-23 Feb, 2026 | 08:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EmpireSoft EmpireCMS connect.php CheckSaveTranFiletype unrestricted upload

A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-phomeEmpireSoft
Product-empirecmsEmpireCMS
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-15158
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.43% / 34.80%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 08:21
Updated-08 Apr, 2026 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Enable WebP <= 1.0 - Authenticated (Author+) Arbitrary File Upload

The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpse_file_and_ext_webp' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-eastsidecode
Product-WP Enable WebP
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2013-10044
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-1.34% / 67.85%
||
7 Day CHG+0.06%
Published-01 Aug, 2025 | 20:46
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenEMR ≤ 4.1.1 SQL Injection Privilege Escalation and RCE

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.

Action-Not Available
Vendor-OpenEMR FoundationOpenEMR Foundation, Inc
Product-openemrOpenEMR
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-16790
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.24% / 65.62%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 19:15
Updated-31 Dec, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in Tiny File Manager

In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted.

Action-Not Available
Vendor-prasathmaniTiny File Manager
Product-tiny_file_managerTiny File Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-15240
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.44% / 35.11%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 08:18
Updated-20 Jan, 2026 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quanta Computer|QOCA aim AI Medical Cloud Platform - Arbitrary File Upload

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Action-Not Available
Vendor-quantatwQuanta Computer
Product-qoca_aimQOCA aim AI Medical Cloud Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-14195
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 27.28%
||
7 Day CHG~0.00%
Published-07 Dec, 2025 | 15:02
Updated-24 Feb, 2026 | 06:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Employee Profile Management System add_file_query.php unrestricted upload

A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argument per_file results in unrestricted upload. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-carmelogarciaSource Code & Projects
Product-employee_profile_management_systemEmployee Profile Management System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-15050
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 20.67%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 00:32
Updated-30 Dec, 2025 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Student File Management System save_file.php unrestricted upload

A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-student_file_management_systemStudent File Management System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41267
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-9.9||CRITICAL
EPSS-0.79% / 51.81%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 02:39
Updated-22 Apr, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-business_objects_business_intelligence_platformBusinessObjects Business Intelligence Platform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-15009
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 21.09%
||
7 Day CHG~0.00%
Published-22 Dec, 2025 | 02:32
Updated-31 Dec, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
liweiyi ChestnutCMS Filename upload FilenameUtils.getExtension unrestricted upload

A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-1000mzliweiyi
Product-chestnutcmsChestnutCMS
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-14849
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.53% / 40.97%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 20:32
Updated-31 Dec, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advantech WebAccess/SCADA Unrestricted Upload of File with Dangerous Type

Advantech WebAccess/SCADA  is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-webaccess\/scadaWebAccess/SCADA
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-14885
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.63%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 18:32
Updated-24 Dec, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Client Database Management System Leads Generation user_leads.php unrestricted upload

A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-lerouxyxchireSourceCodester
Product-client_database_management_systemClient Database Management System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13238
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 19.49%
||
7 Day CHG~0.00%
Published-16 Nov, 2025 | 05:32
Updated-24 Feb, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bdtask Flight Booking Software Edit Profile edit unrestricted upload

A weakness has been identified in Bdtask Flight Booking Software 4. Affected by this vulnerability is an unknown functionality of the file /agent/profile/edit of the component Edit Profile Page. This manipulation causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-bdtaskBdtask
Product-flight_booking_softwareFlight Booking Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13066
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.46% / 36.94%
||
7 Day CHG~0.00%
Published-05 Dec, 2025 | 03:28
Updated-08 Apr, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Demo Importer Plus <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass

The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.0.6. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-kraftplugins
Product-Demo Importer Plus
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13065
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-7.06% / 93.43%
||
7 Day CHG~0.00%
Published-06 Dec, 2025 | 09:25
Updated-08 Apr, 2026 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Starter Templates <= 4.4.41 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass

The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.4.41. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-Brainstorm Force
Product-Starter Templates – AI-Powered Templates for Elementor & Gutenberg
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-41539
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.04% / 59.80%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Action-Not Available
Vendor-wedding_planner_projectn/a
Product-wedding_plannern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13094
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.43% / 34.80%
||
7 Day CHG~0.00%
Published-13 Dec, 2025 | 04:31
Updated-08 Apr, 2026 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP3D Model Import Viewer <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload

The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_import_file() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-wp3d
Product-WP3D Model Import Viewer
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13067
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.47% / 37.17%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 04:25
Updated-22 Apr, 2026 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass

The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a name to bypass sanitization. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-Royal Elementor Addons
Product-Royal Addons for Elementor – Addons and Templates Kit for Elementor
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-55061
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.53%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 17:14
Updated-31 Dec, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Priority - CWE-434 Unrestricted Upload of File with Dangerous Type

CWE-434 Unrestricted Upload of File with Dangerous Type

Action-Not Available
Vendor-Priority
Product-Web
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13573
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 22.20%
||
7 Day CHG~0.00%
Published-23 Nov, 2025 | 23:32
Updated-02 Dec, 2025 | 03:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
projectworlds can pass malicious payloads add_book.php unrestricted upload

A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-Projectworlds
Product-advanced_library_management_systemcan pass malicious payloads
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40407
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.23% / 65.29%
||
7 Day CHG~0.00%
Published-29 Sep, 2022 | 13:20
Updated-20 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.

Action-Not Available
Vendor-chamilon/a
Product-chamilon/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13536
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.52% / 40.36%
||
7 Day CHG~0.00%
Published-27 Nov, 2025 | 08:27
Updated-08 Apr, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Blubrry PowerPress <= 11.15.2 - Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post'

The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is due to the plugin validating file extensions but not halting execution when validation fails in the 'powerpress_edit_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-blubrry
Product-PowerPress Podcasting plugin by Blubrry
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13156
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.37%
||
7 Day CHG~0.00%
Published-21 Nov, 2025 | 08:28
Updated-08 Apr, 2026 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vitepos – Point of Sale (POS) for WooCommerce <= 3.3.0 - Authenticated (Subscriber+) Arbitrary File Upload to Remote Code Execution

The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment() function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img() function accepting user-supplied file types without validation when processing category images. This makes it possible for authenticated attackers, with subscriber level access and above, to upload arbitrary files on the affected site's server which makes remote code execution possible.

Action-Not Available
Vendor-appsbd
Product-Vitepos – Point of Sale (POS) for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40035
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.22% / 64.95%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component.

Action-Not Available
Vendor-blog-ssm_projectn/a
Product-blog-ssmn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13543
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.71% / 48.91%
||
7 Day CHG+0.03%
Published-04 Dec, 2025 | 20:27
Updated-08 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PostGallery <= 1.12.5 - Authenticated (Subscriber+) Arbitrary File Upload

The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'PostGalleryUploader' class functions in all versions up to, and including, 1.12.5. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-rtowebsites
Product-PostGallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13061
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 18.58%
||
7 Day CHG+0.01%
Published-12 Nov, 2025 | 20:32
Updated-17 Nov, 2025 | 12:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Online Voting System index.php unrestricted upload

A vulnerability was detected in itsourcecode Online Voting System 1.0. This impacts an unknown function of the file /index.php?page=manage_voting. Performing manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-ITSourceCodeAngel Jude Reyes Suarez
Product-online_voting_systemOnline Voting System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13689
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.54% / 41.58%
||
7 Day CHG~0.00%
Published-17 Feb, 2026 | 22:26
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.

Action-Not Available
Vendor-IBM Corporation
Product-DataStage on Cloud Pak
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13062
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.51% / 39.45%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 13:23
Updated-08 Apr, 2026 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Supreme Modules Lite <= 2.5.62 - Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files, allowing double extension files to bypass sanitization while being accepted as a valid JSON file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-divisupreme
Product-Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-13069
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.56% / 42.65%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 09:27
Updated-08 Apr, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass

The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.3. This is due to insufficient file type validation detecting ICO files, allowing double extension files with the appropriate magic bytes to bypass sanitization while being accepted as a valid ICO file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-ideastocode
Product-Enable SVG, WebP, and ICO Upload
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-12222
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 33.03%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 04:32
Updated-24 Feb, 2026 | 07:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bdtask Flight Booking Software Deposit deposit unrestricted upload

A security vulnerability has been detected in Bdtask Flight Booking Software up to 3.1. Affected by this issue is some unknown functionality of the file /admin/transaction/deposit of the component Deposit Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-bdtaskBdtask
Product-flight_booking_softwareFlight Booking Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-12223
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 28.02%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 04:32
Updated-24 Feb, 2026 | 07:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bdtask Flight Booking Software Package Information package-information unrestricted upload

A vulnerability was detected in Bdtask Flight Booking Software up to 3.1. This affects an unknown part of the file /b2c/package-information of the component Package Information Module. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-bdtaskBdtask
Product-flight_booking_softwareFlight Booking Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-12346
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 27.71%
||
7 Day CHG~0.00%
Published-28 Oct, 2025 | 02:02
Updated-06 Nov, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MaxSite CMS HTTP Header uploads-require-maxsite.php unrestricted upload

A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDir results in unrestricted upload. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-max-3000MaxSite
Product-maxsite_cmsCMS
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-12347
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 28.02%
||
7 Day CHG~0.00%
Published-28 Oct, 2025 | 02:02
Updated-06 Nov, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MaxSite CMS save-file-ajax.php unrestricted upload

A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-max-3000MaxSite
Product-maxsite_cmsCMS
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-12775
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.54% / 41.22%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 08:27
Updated-08 Apr, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Dropzone <= 1.1.0 - Authenticated (Subscriber+) Arbitrary File Upload

The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1.1.0 via the `ajax_upload_handle` function. This is due to the chunked upload functionality writing files directly to the uploads directory before any file type validation occurs. This makes it possible for authenticated attackers, with subscriber level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-nazsabuz
Product-WP Dropzone
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-12138
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.53%
||
7 Day CHG~0.00%
Published-21 Nov, 2025 | 07:31
Updated-21 Nov, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload

The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the 'uimptr_import_image_from_url()' function which writes the file to the server before performing proper validation. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible via the uploaded PHP file.

Action-Not Available
Vendor-bww
Product-URL Image Importer
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-12181
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.51% / 39.73%
||
7 Day CHG~0.00%
Published-05 Dec, 2025 | 05:31
Updated-08 Apr, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ContentStudio <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload

The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2025-67910 is likely a duplicate of this.

Action-Not Available
Vendor-contentstudio
Product-ContentStudio
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-12966
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.45% / 35.79%
||
7 Day CHG~0.00%
Published-06 Dec, 2025 | 09:25
Updated-08 Dec, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
All-in-One Video Gallery 4.5.4 - 4.5.7 – Authenticated (Author+) Arbitrary File Upload via Import ZIP

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolve_import_directory() function in versions 4.5.4 to 4.5.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-plugins360
Product-All-in-One Video Gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-12968
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.50% / 38.88%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 03:20
Updated-08 Apr, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File Upload

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.42. This is due to the `upload_file` function in the `infility_import_file` class only validating the MIME type which can be easily spoofed, and the `import_data` function missing capability checks. This makes it possible for authenticated attackers, with subscriber level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-infility
Product-Infility Global
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-12957
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.30%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 04:44
Updated-08 Apr, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
All-in-One Video Gallery <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficient file type validation detecting VTT files, allowing double extension files to bypass sanitization while being accepted as a valid VTT file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-plugins360
Product-All-in-One Video Gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-12161
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.47% / 37.18%
||
7 Day CHG+0.01%
Published-08 Nov, 2025 | 03:27
Updated-08 Apr, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Smart Auto Upload Images <= 1.2.0 - Authenticated (Contributor+) Arbitrary File Upload

The Smart Auto Upload Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the auto-image creation functionality in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-burhandodhy
Product-Smart Auto Upload Images – Import External Images
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-12171
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.49% / 38.75%
||
7 Day CHG+0.04%
Published-01 Nov, 2025 | 06:40
Updated-04 Nov, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RESTful Content Syndication 1.1.0 - 1.5.0 - Authenticated (Contributor+) Arbitrary File Upload

The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingest_image() function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This requires the attacker have access to a defined third-party server as specified in the settings, so it is unlikely that this will be exploitable by contributor-level users, and more likely to be exploited by administrators who also have access to the plugin's settings.

Action-Not Available
Vendor-anthonyeden
Product-RESTful Content Syndication
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-3989
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-1.05% / 60.05%
||
7 Day CHG~0.00%
Published-12 Dec, 2022 | 17:54
Updated-22 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Motors - Car Dealer, Classifieds & Listing < 1.4.4 - Arbitrary File Upload

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.

Action-Not Available
Vendor-stylemixthemesUnknown
Product-motors_-_car_dealer\,_classifieds_\&_listingMotors
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 18
  • 19
  • Next
Details not found