Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-51788

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-11 Nov, 2024 | 05:59
Updated At-12 Nov, 2024 | 17:21
Rejected At-
Credits

WordPress The Novel Design Store Directory plugin <= 4.3.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through 4.3.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:11 Nov, 2024 | 05:59
Updated At:12 Nov, 2024 | 17:21
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress The Novel Design Store Directory plugin <= 4.3.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through 4.3.0.

Affected Products
Vendor
Joshua Wolfe
Product
The Novel Design Store Directory
Collection URL
https://wordpress.org/plugins
Package Name
noveldesign-store-directory
Default Status
unaffected
Versions
Affected
  • From n/a through 4.3.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-650CAPEC-650 Upload a Web Shell to a Web Server
CAPEC ID: CAPEC-650
Description: CAPEC-650 Upload a Web Shell to a Web Server
Solutions
Configurations
Workarounds
Exploits
Credits
finder
stealthcopter (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/noveldesign-store-directory/wordpress-the-novel-design-store-directory-plugin-4-3-0-arbitrary-file-upload-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/noveldesign-store-directory/wordpress-the-novel-design-store-directory-plugin-4-3-0-arbitrary-file-upload-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
joshua_wolfe
Product
the_novel_design_store_directory
CPEs
  • cpe:2.3:a:joshua_wolfe:the_novel_design_store_directory:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 4.3.0 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:11 Nov, 2024 | 06:15
Updated At:12 Nov, 2024 | 13:55

Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through 4.3.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-434Primaryaudit@patchstack.com
CWE ID: CWE-434
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/noveldesign-store-directory/wordpress-the-novel-design-store-directory-plugin-4-3-0-arbitrary-file-upload-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/noveldesign-store-directory/wordpress-the-novel-design-store-directory-plugin-4-3-0-arbitrary-file-upload-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

120Records found
CVE-2025-31324
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-10||CRITICAL
EPSS-30.21% / 96.52%
||
7 Day CHG-2.55%
Published-24 Apr, 2025 | 16:50
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-05-20||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Missing Authorization check in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

Action-Not Available
Vendor-SAP SE
Product-netweaverSAP NetWeaver (Visual Composer development server)NetWeaver
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-29009
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.29%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 11:28
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through 1.2.3.

Action-Not Available
Vendor-Webkul Software Pvt. Ltd.
Product-Medical Prescription Attachment Plugin for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-26776
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.10% / 28.37%
||
7 Day CHG~0.00%
Published-22 Feb, 2025 | 15:52
Updated-24 Feb, 2025 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chaty Pro Plugin <= 3.3.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3.

Action-Not Available
Vendor-NotFound
Product-Chaty Pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-26927
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.08% / 24.89%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:53
Updated-16 Apr, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Hub plugin <= 1.3.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server. This issue affects AI Hub: from n/a through 1.3.3.

Action-Not Available
Vendor-EPC
Product-AI Hub
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40981
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.28%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 21:31
Updated-17 Sep, 2024 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.

Action-Not Available
Vendor-etictelecomETIC Telecom
Product-ras-c-100-lwrfm-eras-ecw-220-lwras-ec-400-lwras-e-220ras-ew-100ras-ew-400ras-e-100ras-e-400ras-ew-220remote_access_server_firmwareras-ecw-400-lwras-ec-220-lwras-ec-480-lwRemote Access Server (RAS)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-23953
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.13% / 32.80%
||
7 Day CHG+0.01%
Published-22 Jan, 2025 | 14:29
Updated-22 Jan, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress user files plugin <= 2.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through 2.4.2.

Action-Not Available
Vendor-Innovative Solutions
Product-user files
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-22504
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.13% / 32.80%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 15:39
Updated-10 Jan, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 4ECPS Web Forms Plugin <= 0.2.18 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server.This issue affects 4ECPS Web Forms: from n/a through 0.2.18.

Action-Not Available
Vendor-jumpdemand
Product-4ECPS Web Forms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-22654
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-2.93% / 85.88%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 19:54
Updated-18 Feb, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simplified Plugin Plugin <= 1.0.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in kodeshpa Simplified allows Using Malicious Files. This issue affects Simplified: from n/a through 1.0.6.

Action-Not Available
Vendor-kodeshpa
Product-Simplified
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9985
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-10||CRITICAL
EPSS-0.48% / 63.99%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 08:20
Updated-16 Oct, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ragic Enterprise Cloud Database - Arbitrary File Upload

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.

Action-Not Available
Vendor-Ragic Corporation
Product-enterprise_cloud_databaseEnterprise Cloud Databaseenterprise_cloud_database
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-8615
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-10||CRITICAL
EPSS-12.59% / 93.70%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 08:29
Updated-08 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-eyecixhttps://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856eyecix
Product-jobsearch_wp_job_boardJobSearch WP Job Boardjobsearch_wp_job_board
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-8940
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-10||CRITICAL
EPSS-0.24% / 46.42%
||
7 Day CHG~0.00%
Published-24 Sep, 2024 | 11:48
Updated-01 Oct, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type vulnerability on Scriptcase

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input.

Action-Not Available
Vendor-scriptcaseScriptcasescriptcase
Product-scriptcaseScriptcasescriptcase
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56046
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.25% / 47.85%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:53
Updated-31 Dec, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9.

Action-Not Available
Vendor-VibeThemes
Product-WPLMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56064
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-23.22% / 95.73%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:54
Updated-31 Dec, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through 2.3.3.

Action-Not Available
Vendor-Azzaroco
Product-WP SuperBackup
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56829
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.10% / 27.42%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 00:00
Updated-06 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-54214
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.32% / 54.79%
||
7 Day CHG~0.00%
Published-06 Dec, 2024 | 13:07
Updated-20 Dec, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Roninwp Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18.

Action-Not Available
Vendor-Roninwproninwp
Product-Revyrevy
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-53822
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.32% / 54.79%
||
7 Day CHG+0.04%
Published-09 Dec, 2024 | 12:24
Updated-09 Dec, 2024 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pie Register Premium plugin < 3.8.3.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3.

Action-Not Available
Vendor-Genetechgenetechsolutions
Product-Pie Register Premiumpie_register
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52373
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.47%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:11
Updated-15 Nov, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Devexhub Gallery plugin <= 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery allows Upload a Web Shell to a Web Server.This issue affects Devexhub Gallery: from n/a through 2.0.1.

Action-Not Available
Vendor-Team Devexhubteam_devexhub
Product-Devexhub Gallerydevexhub_gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52476
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.47%
||
7 Day CHG+0.04%
Published-02 Dec, 2024 | 13:48
Updated-02 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fediverse Embeds plugin <= 1.5.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in stefanbohacek Fediverse Embeds allows Upload a Web Shell to a Web Server.This issue affects Fediverse Embeds: from n/a through 1.5.3.

Action-Not Available
Vendor-stefanbohacekstefanbohacek
Product-Fediverse Embedsfediverse_embeds
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52377
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.47%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 17:42
Updated-15 Nov, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in BdThemes Instant Image Generator allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through 1.5.4.

Action-Not Available
Vendor-BdThemesBdThemes
Product-Instant Image Generatorinstant_image_generator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52372
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.47%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:12
Updated-15 Nov, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA allows Upload a Web Shell to a Web Server.This issue affects Easy CSV Importer BETA: from n/a through 7.0.0.

Action-Not Available
Vendor-WebTechGlobalwebtechglobal
Product-Easy CSV Importer BETAeasy_csv_importer_beta
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52374
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.47%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:10
Updated-15 Nov, 2024 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Do That Task plugin <= 1.5.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task allows Upload a Web Shell to a Web Server.This issue affects Do That Task: from n/a through 1.5.5.

Action-Not Available
Vendor-DoThatTaskdothattask
Product-Do That Taskdo_that_task
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52376
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.47%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:08
Updated-15 Nov, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Boat Rental Plugin for WordPress plugin <= 1.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1.

Action-Not Available
Vendor-cmsMindscmsminds
Product-Boat Rental Plugin for WordPressboat_rental_plugin_for_wordpress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51793
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-40.81% / 97.28%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 05:52
Updated-14 Nov, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Webful Creations Computer Repair Shop allows Upload a Web Shell to a Web Server.This issue affects Computer Repair Shop: from n/a through 3.8115.

Action-Not Available
Vendor-webfulcreationsWebful Creationswebfulcreations
Product-computer_repair_shopComputer Repair Shopcomputer_repair_shop
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52380
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-29.48% / 96.44%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 17:39
Updated-15 Nov, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Softpulse Infotech Picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through 1.0.0.

Action-Not Available
Vendor-Softpulse Infotechsoftpulse_infotech
Product-Picsmizepicsmize
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52490
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.47%
||
7 Day CHG+0.04%
Published-28 Nov, 2024 | 10:42
Updated-29 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through 2.5.1.

Action-Not Available
Vendor-Pathomationpathomation
Product-Pathomationpathomation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52379
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.47%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 17:40
Updated-15 Nov, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress kineticPay for WooCommerce plugin <= 2.0.8 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Kinetic Innovative Technologies Sdn Bhd kineticPay for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects kineticPay for WooCommerce: from n/a through 2.0.8.

Action-Not Available
Vendor-Kinetic Innovative Technologies Sdn Bhdkinetic_innovative_technologies_sdn_bhd
Product-kineticPay for WooCommercekineticpay_for_woocommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51792
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.39% / 59.31%
||
7 Day CHG+0.03%
Published-11 Nov, 2024 | 05:53
Updated-12 Nov, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Audio Record plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record allows Upload a Web Shell to a Web Server.This issue affects Audio Record: from n/a through 1.0.

Action-Not Available
Vendor-Dang Ngoc Binhdangngocbinh
Product-Audio Recordaudio_record
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50525
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.54% / 66.75%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:44
Updated-06 Nov, 2024 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Helloprint plugin <= 2.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint allows Upload a Web Shell to a Web Server.This issue affects Plug your WooCommerce into the largest catalog of customized print products from Helloprint: from n/a through 2.0.2.

Action-Not Available
Vendor-helloprintHelloprinthelloprint
Product-helloprintPlug your WooCommerce into the largest catalog of customized print products from Helloprinthelloprint
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50494
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 65.00%
||
7 Day CHG+0.07%
Published-29 Oct, 2024 | 07:53
Updated-29 Oct, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sudan Payment Gateway for WooCommerce plugin <= 1.2.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Sudan Payment Gateway for WooCommerce: from n/a through 1.2.2.

Action-Not Available
Vendor-Amin Omeramin_omer
Product-Sudan Payment Gateway for WooCommercewc_sudan_payment_gateway
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49330
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 65.00%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:45
Updated-24 Oct, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nice Backgrounds plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0.

Action-Not Available
Vendor-brx8rbrx8rbrx8r
Product-nice_backgroundsNice Backgroundsnice_backgrounds
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49242
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 65.00%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:39
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Digital Lottery plugin <= 3.0.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5.

Action-Not Available
Vendor-Shafiqshafiq
Product-Digital Lotterydigital_library
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49216
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 65.00%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:42
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Feed Comments Number plugin <= 0.2.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Clayton Feed Comments Number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a through 0.2.1.

Action-Not Available
Vendor-Joshua Claytonjoshua_clayton
Product-Feed Comments Numberfeed_comments_number
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49329
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.64% / 69.60%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:47
Updated-24 Oct, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP REST API FNS plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through 1.0.0.

Action-Not Available
Vendor-vivektamrakarVivek Tamrakarvivek_tamrakar
Product-wp_rest_api_fnsWP REST API FNSwp_rest_api_fns
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49314
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.46% / 63.13%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:19
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JiangQie Free Mini Program plugin <= 2.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in 酱茄 JiangQie Free Mini Program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through 2.5.2.

Action-Not Available
Vendor-酱茄zhuige
Product-JiangQie Free Mini Programjiangqie_free_mini_program
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43243
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.25% / 47.85%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 10:49
Updated-07 Jan, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JobBoard Job listing plugin <= 1.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through 1.2.6.

Action-Not Available
Vendor-ThemeGlow
Product-JobBoard Job listing
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43160
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-70.16% / 98.62%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 11:41
Updated-13 Aug, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6.

Action-Not Available
Vendor-BerqWPberqier
Product-BerqWPberqwp
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-34990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.29% / 52.09%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket()` allow upload of .php files on a predictable path for connected customers.

Action-Not Available
Vendor-n/aPrestaShop S.A
Product-n/ahelpdesk
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-32700
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-55.71% / 98.00%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 07:06
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kognetiks Chatbot for WordPress plugin <= 2.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0.

Action-Not Available
Vendor-Kognetiks
Product-Kognetiks Chatbot for WordPress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-32809
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-1.17% / 77.83%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:39
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through 0.2.41.

Action-Not Available
Vendor-JumpDEMAND Inc.jumpdemand
Product-ActiveDEMANDactivedemand
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-31377
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-1.85% / 82.28%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 09:06
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Photo Album Plus plugin <= 8.7.01.001 - Unauth. Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.7.01.001.

Action-Not Available
Vendor-J.N. Breetvelt a.k.a. OpaJaapopajaap
Product-WP Photo Album Pluswp_photo_album_plus
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-31115
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.45% / 62.63%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:05
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chauffeur Taxi Booking System for WordPress plugin <= 7.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 7.2.

Action-Not Available
Vendor-QuanticaLabs
Product-Chauffeur Taxi Booking System for WordPress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-31351
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-47.15% / 97.60%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 06:15
Updated-18 Apr, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6.

Action-Not Available
Vendor-copymaticCopymaticcopymatic
Product-copymaticCopymatic – AI Content Writer & Generatorcopymatic
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-30510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 13:36
Updated-27 Feb, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salon booking system plugin <= 9.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5.

Action-Not Available
Vendor-salonbookingsystemSalon Booking Systemsalonbookingsystem
Product-salon_booking_systemSalon booking systemsalon_booking_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-25913
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.77% / 72.57%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 15:15
Updated-08 May, 2025 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.

Action-Not Available
Vendor-skymoonlabsSkymoonlabsskymoonlabs
Product-movetoMoveTomoveto
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-25925
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.72% / 71.66%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 15:09
Updated-08 May, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12.

Action-Not Available
Vendor-sysbasicsSYSBASICSsysbasics
Product-easy_checkout_field_editorWooCommerce Easy Checkout Field Editor, Fees & Discountswoocommerce_easy_checkout_field_editor
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50482
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-35.56% / 96.94%
||
7 Day CHG+1.14%
Published-29 Oct, 2024 | 07:57
Updated-29 Oct, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through 1.0.0.

Action-Not Available
Vendor-Chetan Khandlachetan_khandla
Product-Woocommerce Product Designwoocommerce_product_design
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-35746
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.56% / 67.14%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 16:34
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2.

Action-Not Available
Vendor-buddypress_cover_projectAsghar HatampoorWordPress.org
Product-buddypress_coverBuddyPress Coverbuddypress_cover
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51789
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.39% / 59.31%
||
7 Day CHG+0.03%
Published-11 Nov, 2024 | 05:57
Updated-12 Nov, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Classify plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through 1.0.0.

Action-Not Available
Vendor-UjW0Lujwol
Product-Image Classifyimage_classify
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51790
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.39% / 59.31%
||
7 Day CHG+0.03%
Published-11 Nov, 2024 | 05:55
Updated-12 Nov, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HB AUDIO GALLERY plugin <= 3.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Team HB WEBSOL HB AUDIO GALLERY allows Upload a Web Shell to a Web Server.This issue affects HB AUDIO GALLERY: from n/a through 3.0.

Action-Not Available
Vendor-Team HB WEBSOLteam_hb_websol
Product-HB AUDIO GALLERYhb_audio_gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51791
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.54% / 66.75%
||
7 Day CHG+0.04%
Published-11 Nov, 2024 | 05:54
Updated-12 Nov, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Forms plugin <= 2.8.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through 2.8.0.

Action-Not Available
Vendor-Made I.T.madeit
Product-Formsforms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found