Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-52403

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-16 Nov, 2024 | 21:53
Updated At-17 Nov, 2024 | 16:38
Rejected At-
Credits

WordPress User Management plugin <= 1.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPExperts User Management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through 1.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:16 Nov, 2024 | 21:53
Updated At:17 Nov, 2024 | 16:38
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress User Management plugin <= 1.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPExperts User Management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through 1.1.

Affected Products
Vendor
WPExperts
Product
User Management
Collection URL
https://wordpress.org/plugins
Package Name
user-management
Default Status
unaffected
Versions
Affected
  • From n/a through 1.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-650CAPEC-650 Upload a Web Shell to a Web Server
CAPEC ID: CAPEC-650
Description: CAPEC-650 Upload a Web Shell to a Web Server
Solutions
Configurations
Workarounds
Exploits
Credits
finder
stealthcopter (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
wpexperts
Product
user_management
CPEs
  • cpe:2.3:a:wpexperts:user_management:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 1.1 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:16 Nov, 2024 | 22:15
Updated At:18 Nov, 2024 | 17:11

Unrestricted Upload of File with Dangerous Type vulnerability in WPExperts User Management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through 1.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-434Primaryaudit@patchstack.com
CWE ID: CWE-434
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

115Records found
CVE-2024-52407
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.35% / 56.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 21:46
Updated-19 Nov, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BasePress Migration Tools plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through 1.0.0.

Action-Not Available
Vendor-codeSavorycodesavory
Product-BasePress Migration Toolsbasepress_migration_tools
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52400
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.35% / 56.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 22:04
Updated-19 Nov, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallerio plugin <= 1.01 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through 1.01.

Action-Not Available
Vendor-Subhasis Lahasubhasis_laha
Product-Galleriogallerio
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50530
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.38% / 58.68%
||
7 Day CHG+0.03%
Published-04 Nov, 2024 | 13:40
Updated-06 Nov, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stars SMTP Mailer plugin <= 1.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows Upload a Web Shell to a Web Server.This issue affects Stars SMTP Mailer: from n/a through 1.7.

Action-Not Available
Vendor-myriadsolutionzMyriad Solutionzmyriad_solutionz
Product-stars_smtp_mailerStars SMTP Mailerstars_smtp_mailer
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50480
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.48%
||
7 Day CHG+0.07%
Published-29 Oct, 2024 | 07:58
Updated-29 Oct, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80.

Action-Not Available
Vendor-azexoazexo
Product-Marketing Automation by AZEXOmarketing_automation_by_azexo
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50511
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.45% / 62.59%
||
7 Day CHG+0.07%
Published-30 Oct, 2024 | 07:47
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in David DONISA WP donimedia carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through 1.0.1.

Action-Not Available
Vendor-David DONISA
Product-WP donimedia carousel
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49669
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.45% / 62.59%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:35
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress INK Official plugin <= 4.1.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through 4.1.2.

Action-Not Available
Vendor-Alexander De Ridderalexander_de_ridder
Product-INK Officialink_official
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50529
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.38% / 58.68%
||
7 Day CHG+0.03%
Published-04 Nov, 2024 | 13:41
Updated-06 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Training – Courses plugin <= 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows Upload a Web Shell to a Web Server.This issue affects Training – Courses: from n/a through 2.0.1.

Action-Not Available
Vendor-rudrainnovativeRudra Innnovative Softwarerudra_innovative_software
Product-training_-_coursesTraining – Coursestraining_courses
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-46808
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.9||CRITICAL
EPSS-7.98% / 91.71%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 01:45
Updated-02 Aug, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user.

Action-Not Available
Vendor-Ivanti Software
Product-neurons_for_itsmITSMneurons_for_itsm
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-53213
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.05% / 14.02%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping allows Using Malicious Files. This issue affects ReachShip WooCommerce Multi-Carrier & Conditional Shipping: from n/a through 4.3.1.

Action-Not Available
Vendor-ELEXtensions
Product-ReachShip WooCommerce Multi-Carrier & Conditional Shipping
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-45076
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.22% / 45.22%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 15:59
Updated-06 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM webMethods Integration code execution

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.

Action-Not Available
Vendor-IBM Corporation
Product-webmethods_integrationwebMethods Integration
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-13774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-5.94% / 90.28%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 19:22
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server.

Action-Not Available
Vendor-n/aIvanti Software
Product-endpoint_managern/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4306
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.12% / 32.51%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 11:56
Updated-01 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type vulnerability in HubBank

Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.

Action-Not Available
Vendor-Ofofonobsofofonobs
Product-HubBankhubbank
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43249
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-3.08% / 86.23%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 17:19
Updated-06 Sep, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4.

Action-Not Available
Vendor-bitappsBit Appsbitapps
Product-bit_formBit Form Probit_form_pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-53251
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.05% / 14.02%
||
7 Day CHG~0.00%
Published-21 Aug, 2025 | 14:43
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pin WP theme < 7.2 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP allows Upload a Web Shell to a Web Server.This issue affects Pin WP: from n/a before 7.2.

Action-Not Available
Vendor-An-Themes
Product-Pin WP
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-48034
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.48%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:43
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Creates 3D Flipbook, PDF Flipbook plugin <= 1.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Fliperrr Team Creates 3D Flipbook, PDF Flipbook allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through 1.2.

Action-Not Available
Vendor-Fliperrr Teamfliperr_team
Product-Creates 3D Flipbook, PDF Flipbookcreates_3d_flipbook_pdf_flipbook
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-37762
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-25.14% / 95.97%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 00:00
Updated-30 Apr, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution.

Action-Not Available
Vendor-machformn/amachform
Product-machformn/amachform
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49260
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.92% / 75.01%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:38
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7.

Action-Not Available
Vendor-Limblimb
Product-WordPress Gallery Plugin – Limb Image Gallerylimb_image_gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-48027
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.48%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:07
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress External featured image from bing plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through 1.0.2.

Action-Not Available
Vendor-xaraartechxaraartech
Product-External featured image from bingexternal_featured_image_from_bing
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-37418
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-1.17% / 77.82%
||
7 Day CHG-0.05%
Published-09 Jul, 2024 | 10:15
Updated-02 Aug, 2024 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin plugin <= 4.4.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6.

Action-Not Available
Vendor-Andy Moyleandymoyle
Product-Church Adminchurch_admin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-37420
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.85% / 74.03%
||
7 Day CHG+0.17%
Published-09 Jul, 2024 | 10:18
Updated-02 Aug, 2024 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server.This issue affects Zita Elementor Site Library: from n/a through 1.6.1.

Action-Not Available
Vendor-WPZitawpzita
Product-Zita Elementor Site Libraryzita_elementor_site_library
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-34411
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.56% / 67.28%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 08:57
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress canvasio3D Light plugin <= 2.5.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light.This issue affects canvasio3D Light: from n/a through 2.5.0.

Action-Not Available
Vendor-Thomas Scholl
Product-canvasio3D Light
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-31286
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.80% / 73.07%
||
7 Day CHG+0.21%
Published-07 Apr, 2024 | 17:30
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Photo Album Plus plugin < 8.6.03.005 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a before 8.6.03.005.

Action-Not Available
Vendor-J.N. Breetvelt a.k.a. OpaJaap
Product-WP Photo Album Plus
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-29135
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.47% / 63.82%
||
7 Day CHG~0.00%
Published-19 Mar, 2024 | 13:51
Updated-25 Feb, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tourfic plugin <= 2.11.15 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic.This issue affects Tourfic: from n/a through 2.11.15.

Action-Not Available
Vendor-themeficthemefic
Product-tourficTourfictourfic
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-2599
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.11% / 29.96%
||
7 Day CHG~0.00%
Published-18 Mar, 2024 | 14:04
Updated-17 Apr, 2025 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type vulnerability in AMSS++

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.

Action-Not Available
Vendor-amss\+\+_projectAmssplusamssplus
Product-amss\+\+AMSS++amss_plus
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-25918
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.72% / 71.48%
||
7 Day CHG+0.19%
Published-03 Apr, 2024 | 12:11
Updated-09 Feb, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress InstaWP Connect plugin <= 0.1.0.8 - Auth. Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.8.

Action-Not Available
Vendor-instawpInstaWP Teaminstawp
Product-instawp_connectInstaWP Connectinstawp_connect
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47663
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.06% / 19.85%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-27 May, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.0(20 through 11.

Action-Not Available
Vendor-mojoomla
Product-Hospital Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-58048
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-Not Assigned
Published-28 Aug, 2025 | 17:31
Updated-28 Aug, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paymenter Vulnerable to Remote Code Execution via Public File Uploads

Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read from configuration files, and arbitrary system commands being run under the web server user context. This vulnerability was patched by commit 87c3db4 and was released under the version 1.2.11 tag without any other code modifications compared to version 1.2.10. If upgrading is not immediately possible, administrators can mitigate this vulnerability with one or more of the following measures: updating nginx config to download attachments instead of executing them or disallowing access to /storage/ fully using a WAF such as Cloudflare.

Action-Not Available
Vendor-Paymenter
Product-Paymenter
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47452
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.06% / 19.85%
||
7 Day CHG+0.01%
Published-17 Jun, 2025 | 15:01
Updated-17 Jun, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP VR <= 8.5.26 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR allows Upload a Web Shell to a Web Server. This issue affects WP VR: from n/a through 8.5.26.

Action-Not Available
Vendor-RexTheme
Product-WP VR
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-46616
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.36% / 57.13%
||
7 Day CHG+0.08%
Published-25 Apr, 2025 | 00:00
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.

Action-Not Available
Vendor-Quantum
Product-StorNext
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-46264
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.08% / 24.72%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PowerPress Podcasting <= 11.12.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Angelo Mandato PowerPress Podcasting allows Upload a Web Shell to a Web Server. This issue affects PowerPress Podcasting: from n/a through 11.12.5.

Action-Not Available
Vendor-Angelo Mandato
Product-PowerPress Podcasting
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-1644
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-9.9||CRITICAL
EPSS-0.31% / 53.77%
||
7 Day CHG~0.00%
Published-19 Feb, 2024 | 23:54
Updated-31 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suite CRM v7.14.2 - RCE via Local File Inclusion

Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.

Action-Not Available
Vendor-SuiteCRM Ltd.SalesAgility Ltd.
Product-suitecrmSuite CRM
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-46157
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.13% / 33.73%
||
7 Day CHG+0.02%
Published-18 Jun, 2025 | 00:00
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-10960
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.9||CRITICAL
EPSS-0.34% / 55.84%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 11:11
Updated-20 Feb, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Brizy – Page Builder <= 2.6.4 - Authenticated (Contributor+) Arbitrary File Upload via storeUploads

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-brizythemefusecom
Product-brizyBrizy – Page Builder
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-6965
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.9||CRITICAL
EPSS-0.30% / 52.78%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 17:06
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.

Action-Not Available
Vendor-gehealthcaren/a
Product-carescape_central_station_mas700clinical_information_center_mp100dclinical_information_center_mp100d_firmwarecarescape_telemetry_server_mp100r_firmwarecarescape_b850_monitor_firmwarecarescape_telemetry_server_mp100rcarescape_central_station_mas700_firmwarecarescape_b450_monitorcarescape_b650_monitorapexpro_telemetry_server_firmwarecarescape_central_station_mai700_firmwarecarescape_central_station_mai700apexpro_telemetry_serverclinical_information_center_mp100rclinical_information_center_mp100r_firmwarecarescape_b450_monitor_firmwarecarescape_b650_monitor_firmwarecarescape_b850_monitorGE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-20
Improper Input Validation
CVE-2023-51410
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.07%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:53
Updated-20 Nov, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Mail Log Plugin <= 1.1.2 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2.

Action-Not Available
Vendor-wpvibesWPVibes
Product-wp_mail_logWP Mail Log
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-4122
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-9.9||CRITICAL
EPSS-0.75% / 72.13%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 23:10
Updated-28 May, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Student Information System v1.0 - Insecure File Upload

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

Action-Not Available
Vendor-imsurajghoshKashipara Group
Product-student_information_systemStudent Information System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-39402
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.06% / 19.85%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:24
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).

Action-Not Available
Vendor-mojoomla
Product-WPAMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51417
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.07%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:44
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JVM rich text icons Plugin <= 1.2.3 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3.

Action-Not Available
Vendor-jorisvmJoris van Montfort
Product-jvm_gutenberg_rich_text_iconsJVM Gutenberg Rich Text Icons
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51421
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.66% / 70.07%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:18
Updated-17 Apr, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Verge3D Plugin <= 4.5.2 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.

Action-Not Available
Vendor-soft8softSoft8Soft LLC
Product-verge3dVerge3D Publishing and E-Commerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-39424
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-9.9||CRITICAL
EPSS-0.41% / 60.47%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 12:25
Updated-26 Sep, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in RDPngFileUpload.dll

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials. 

Action-Not Available
Vendor-resortdataResort Data Processing, Inc.
Product-internet_reservation_module_next_generationIRM Next Generation
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-32682
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.08% / 24.72%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:46
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MapSVG Lite plugin <= 8.5.34 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34.

Action-Not Available
Vendor-RomanCode
Product-MapSVG Lite
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-32140
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.08% / 24.72%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 08:09
Updated-11 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Remote Thumbnail Plugin <= 1.3.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail allows Upload a Web Shell to a Web Server. This issue affects WP Remote Thumbnail: from n/a through 1.3.1.

Action-Not Available
Vendor-Nirmal Kumar Ram
Product-WP Remote Thumbnail
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-32028
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.08% / 24.72%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 16:06
Updated-30 Jul, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is non-exhaustive and only blocks ’.php’, ’.sh’, ’.js’, and ’.css’ files. The existing logic causes the system to "fail open" rather than "fail closed." This vulnerability is fixed in 10.0.3.

Action-Not Available
Vendor-psuhaxtheweb
Product-haxcms-phpissues
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-31231
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.06% / 19.35%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 18:56
Updated-14 Oct, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.65 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.

Action-Not Available
Vendor-unlimited-elementsUnlimited Elements
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-32652
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.08% / 24.72%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Solace Extra plugin <= 1.3.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files. This issue affects Solace Extra: from n/a through 1.3.1.

Action-Not Available
Vendor-solacewp
Product-Solace Extra
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-31090
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.23% / 45.79%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:45
Updated-05 Feb, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unlimited Elements For Elementor plugin <= 1.5.60 - Unrestricted Zip Extraction vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60.

Action-Not Available
Vendor-unlimited-elementsUnlimited Elementsunlimited-elements
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)unlimited_elements_for_elementor_\(free_widgets\,_addons\,_templates\)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-27881
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.06% / 18.07%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 21:48
Updated-06 Jan, 2025 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PTC Vuforia Studio Unrestricted Upload of File with Dangerous Type

A user could use the “Upload Resource” functionality to upload files to any location on the disk.

Action-Not Available
Vendor-ptcPTC
Product-vuforia_studioVuforia Studio
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-27282
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.08% / 24.72%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:48
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through 1.3.

Action-Not Available
Vendor-rockgod100
Product-Theme File Duplicator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-26892
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.06% / 19.85%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 18:06
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Celestial Aura plugin <= 2.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2.

Action-Not Available
Vendor-dkszone
Product-Celestial Aura
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-23970
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.31% / 53.90%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 19:24
Updated-24 Apr, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Corsa Theme <= 1.5 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa.This issue affects Corsa: from n/a through 1.5.

Action-Not Available
Vendor-woorocketsWooRockets
Product-corsaCorsa
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found