Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-60207

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-06 Nov, 2025 | 15:55
Updated At-20 Jan, 2026 | 14:28
Rejected At-
Credits

WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:06 Nov, 2025 | 15:55
Updated At:20 Jan, 2026 | 14:28
Rejected At:
â–¼CVE Numbering Authority (CNA)
WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2.

Affected Products
Vendor
Addify
Product
Custom User Registration Fields for WooCommerce
Collection URL
https://wordpress.org/plugins
Package Name
user-registration-plugin-for-woocommerce
Default Status
unaffected
Versions
Affected
  • From n/a through <= 2.1.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-434Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-650Upload a Web Shell to a Web Server
CAPEC ID: CAPEC-650
Description: Upload a Web Shell to a Web Server
Solutions
Configurations
Workarounds
Exploits
Credits
finder
0xd4rk5id3 | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/user-registration-plugin-for-woocommerce/vulnerability/wordpress-custom-user-registration-fields-for-woocommerce-plugin-2-1-2-arbitrary-file-upload-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/user-registration-plugin-for-woocommerce/vulnerability/wordpress-custom-user-registration-fields-for-woocommerce-plugin-2-1-2-arbitrary-file-upload-vulnerability?_s_id=cve
Resource:
vdb-entry
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:06 Nov, 2025 | 16:16
Updated At:20 Jan, 2026 | 15:17

Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-434Secondaryaudit@patchstack.com
CWE ID: CWE-434
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/user-registration-plugin-for-woocommerce/vulnerability/wordpress-custom-user-registration-fields-for-woocommerce-plugin-2-1-2-arbitrary-file-upload-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/user-registration-plugin-for-woocommerce/vulnerability/wordpress-custom-user-registration-fields-for-woocommerce-plugin-2-1-2-arbitrary-file-upload-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

133Records found
CVE-2025-6327
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.89%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 15:56
Updated-20 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress King Addons for Elementor plugin <= 51.1.36 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server.This issue affects King Addons for Elementor: from n/a through <= 51.1.36.

Action-Not Available
Vendor-KingAddons.com
Product-King Addons for Elementor
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52376
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.66% / 70.57%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:08
Updated-15 Nov, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Boat Rental Plugin for WordPress plugin <= 1.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1.

Action-Not Available
Vendor-cmsMindscmsminds
Product-Boat Rental Plugin for WordPressboat_rental_plugin_for_wordpress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52380
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-52.33% / 97.85%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 17:39
Updated-15 Nov, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Softpulse Infotech Picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through 1.0.0.

Action-Not Available
Vendor-Softpulse Infotechsoftpulse_infotech
Product-Picsmizepicsmize
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43243
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-1.16% / 78.24%
||
7 Day CHG+0.70%
Published-07 Jan, 2025 | 10:49
Updated-07 Jan, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JobBoard Job listing plugin <= 1.2.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through 1.2.6.

Action-Not Available
Vendor-ThemeGlow
Product-JobBoard Job listing
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-6723
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-10||CRITICAL
EPSS-0.05% / 15.79%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 10:10
Updated-22 May, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type in Repox

An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise.

Action-Not Available
Vendor-europeanaRepox
Product-repoxRepox
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-43160
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-83.71% / 99.26%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 11:41
Updated-13 Aug, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6.

Action-Not Available
Vendor-BerqWPberqier
Product-BerqWPberqwp
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-60219
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.08% / 24.13%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 08:32
Updated-26 Sep, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Designer Pro Plugin <= 1.9.24 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro allows Upload a Web Shell to a Web Server. This issue affects WooCommerce Designer Pro: from n/a through 1.9.24.

Action-Not Available
Vendor-HaruTheme
Product-WooCommerce Designer Pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51791
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.58% / 68.33%
||
7 Day CHG-0.02%
Published-11 Nov, 2024 | 05:54
Updated-23 Jan, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Forms plugin <= 2.8.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through 2.8.0.

Action-Not Available
Vendor-Made I.T.madeit
Product-Formsforms
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-24897
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.14% / 34.09%
||
7 Day CHG-0.35%
Published-28 Jan, 2026 | 22:24
Updated-09 Feb, 2026 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Code Execution via Arbitrary File Upload

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the public web root, an attacker can upload and execute arbitrary code on the server, resulting in remote code execution (RCE). This vulnerability allows a low-privileged user to fully compromise the affected Erugo instance. Version 0.2.15 fixes the issue.

Action-Not Available
Vendor-erugoErugoOSS
Product-erugoErugo
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-50482
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-49.11% / 97.69%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 07:57
Updated-29 Oct, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through 1.0.0.

Action-Not Available
Vendor-Chetan Khandlachetan_khandla
Product-Woocommerce Product Designwoocommerce_product_design
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50526
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.84% / 74.39%
||
7 Day CHG-0.02%
Published-04 Nov, 2024 | 13:43
Updated-23 Jan, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2.

Action-Not Available
Vendor-lindenimahlamusamahlamusa
Product-multi_purpose_mail_formMulti Purpose Mail Formmulti_purpose_mail_form
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50527
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.66% / 70.57%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:42
Updated-06 Nov, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows Upload a Web Shell to a Web Server.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.

Action-Not Available
Vendor-stacksmarketStacksstacks
Product-stacks_mobile_app_builderStacks Mobile App Builderstacks_mobile_app_builder
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-9846
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-10||CRITICAL
EPSS-0.22% / 44.38%
||
7 Day CHG-0.12%
Published-23 Sep, 2025 | 12:31
Updated-24 Sep, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted File Upload in TaletSys Inka.Net

Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection.This issue affects Inka.Net: before 6.7.1.

Action-Not Available
Vendor-TalentSys Consulting Information Technology Industry Inc.
Product-Inka.Net
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-52221
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.31% / 54.07%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 11:55
Updated-23 Aug, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.5.1 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager.This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1.

Action-Not Available
Vendor-ukrsolutionUkrSolutionukrsolution
Product-barcode_scanner_and_inventory_managerBarcode Scanner and Inventory managerbarcode_scanner_and_inventory_manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-69828
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.34% / 56.54%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 00:00
Updated-26 Jan, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-67288
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.03% / 10.38%
||
7 Day CHG-0.07%
Published-22 Dec, 2025 | 00:00
Updated-08 Jan, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself, a related issue to CVE-2023-49279.

Action-Not Available
Vendor-n/aUmbraco A/S (Umbraco)
Product-umbraco_cmsn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-7268
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-1.02% / 76.79%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 16:43
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

Action-Not Available
Vendor-nortekcontroln/a
Product-linear_emerge_50p_firmwarelinear_emerge_50plinear_emerge_5000p_firmwarelinear_emerge_5000pn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51419
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.66% / 70.57%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:30
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BERTHA AI Plugin <= 1.11.10.7 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7.

Action-Not Available
Vendor-berthaBertha.ai
Product-bertha_aiBERTHA AI. Your AI co-pilot for WordPress and Chrome
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51468
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.66% / 70.57%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:14
Updated-26 Aug, 2024 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rencontre – Dating Site Plugin <= 3.10.1 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.10.1.

Action-Not Available
Vendor-boiteasiteJacques Malgrangeboiteasite
Product-download_rencontre_-_dating_siteRencontre – Dating Sitedownload_rencontre_-_dating_site
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51475
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.66% / 70.57%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:09
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP MLM Unilevel Plugin <= 4.0 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0.

Action-Not Available
Vendor-wpmlmsoftwareIOSS
Product-wp_mlm_unilevelWP MLM SOFTWARE PLUGIN
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51473
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.66% / 70.57%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:12
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TerraClassifieds Plugin <= 2.0.3 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3.

Action-Not Available
Vendor-pixelemuPixelemu
Product-terraclassifiedsTerraClassifieds – Simple Classifieds Plugin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51409
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-92.62% / 99.74%
||
7 Day CHG-0.37%
Published-12 Apr, 2024 | 13:15
Updated-22 Jan, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Engine plugin <= 1.9.98 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.

Action-Not Available
Vendor-meowappsJordy Meowai_engine_project
Product-ai_engineAI Engine: ChatGPT Chatbotai_engine
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51411
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.66% / 70.57%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:50
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Frontend Admin by DynamiApps Plugin <= 3.18.3 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3.

Action-Not Available
Vendor-dynamiappsShabti Kaplan
Product-frontend_adminFrontend Admin by DynamiApps
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-60235
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.89%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 15:55
Updated-20 Jan, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.0.

Action-Not Available
Vendor-Plugify
Product-Helpdesk Support Ticket System for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-49815
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.66% / 70.57%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 05:31
Updated-06 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WappPress plugin <= 5.0.3 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.

Action-Not Available
Vendor-WappPress Teamwapppressteam
Product-WappPresswapppress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-52691
Matching Score-4
Assigner-5f57b9bf-260d-4433-bf07-b6a79e9bb7d4
ShareView Details
Matching Score-4
Assigner-5f57b9bf-260d-4433-bf07-b6a79e9bb7d4
CVSS Score-10||CRITICAL
EPSS-72.70% / 98.74%
||
7 Day CHG-10.02%
Published-29 Dec, 2025 | 02:15
Updated-27 Jan, 2026 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-02-16||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Upload Arbitrary Files

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Action-Not Available
Vendor-smartertoolsSmarterToolsSmarterTools
Product-smartermailSmarterMailSmarterMail
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-49885
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.14% / 33.39%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 11:52
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin <= 5.0.6 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop Multiple File Upload (Pro) - WooCommerce: from n/a through 5.0.6.

Action-Not Available
Vendor-HaruTheme
Product-Drag and Drop Multiple File Upload (Pro) - WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-49414
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.07% / 20.33%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 11:17
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FW Gallery <= 8.0.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery allows Using Malicious Files. This issue affects FW Gallery: from n/a through 8.0.0.

Action-Not Available
Vendor-Fastw3b LLC
Product-FW Gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-49071
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.07% / 22.52%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-17 Jun, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flozen < 1.5.1 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen allows Upload a Web Shell to a Web Server. This issue affects Flozen: from n/a through n/a.

Action-Not Available
Vendor-NasaTheme
Product-Flozen
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-49444
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.07% / 20.33%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-26 Jun, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Reformer for Elementor <= 1.0.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor allows Upload a Web Shell to a Web Server. This issue affects Reformer for Elementor: from n/a through 1.0.5.

Action-Not Available
Vendor-merkulove
Product-Reformer for Elementor
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-49060
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.89%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 14:32
Updated-20 Jan, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wastia theme < 1.1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server.This issue affects Wastia: from n/a through < 1.1.3.

Action-Not Available
Vendor-CMSSuperHeroes
Product-Wastia
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-49447
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.07% / 20.33%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-17 Jun, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FW Food Menu <= 6.0.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0.

Action-Not Available
Vendor-Fastw3b LLC
Product-FW Food Menu
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47687
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.10% / 28.73%
||
7 Day CHG+0.01%
Published-23 May, 2025 | 12:43
Updated-27 May, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress StoreKeeper for WooCommerce <= 14.4.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4.

Action-Not Available
Vendor-StoreKeeper B.V.
Product-StoreKeeper for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47642
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.10% / 28.73%
||
7 Day CHG+0.01%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajar in5 Embed <= 3.1.5 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through 3.1.5.

Action-Not Available
Vendor-Ajar Productions
Product-Ajar in5 Embed
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47637
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.10% / 28.73%
||
7 Day CHG+0.01%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress STAGGS <= 2.11.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from n/a through 2.11.0.

Action-Not Available
Vendor-STAGGS
Product-STAGGS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-48148
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.13% / 32.27%
||
7 Day CHG+0.06%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Using Malicious Files. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4.

Action-Not Available
Vendor-StoreKeeper B.V.
Product-StoreKeeper for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-48106
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.89%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 14:32
Updated-20 Jan, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clanora theme < 1.3.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files.This issue affects Clanora: from n/a through < 1.3.1.

Action-Not Available
Vendor-CMSSuperHeroes
Product-Clanora
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47641
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.10% / 28.73%
||
7 Day CHG+0.01%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.3.8.

Action-Not Available
Vendor-printcart
Product-Printcart Web to Print Product Designer for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-47577
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.19% / 40.52%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 18:15
Updated-05 Jun, 2025 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TI WooCommerce Wishlist < 2.10.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a before 2.10.0.

Action-Not Available
Vendor-TemplateInvaders
Product-TI WooCommerce Wishlist
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-39401
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.12% / 31.09%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:26
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).

Action-Not Available
Vendor-mojoomla
Product-WPAMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-43936
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-28.38% / 96.40%
||
7 Day CHG~0.00%
Published-06 Dec, 2021 | 17:39
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Distributed Data Systems WebHM

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.

Action-Not Available
Vendor-webhmiDistributed Data Systems
Product-webhmi_firmwarewebhmiWebHMI
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-42645
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-6.88% / 91.19%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 11:14
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.

Action-Not Available
Vendor-cmsimple-xhn/a
Product-cmsimple_xhn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-38397
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.35% / 57.14%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 01:21
Updated-16 Apr, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.

Action-Not Available
Vendor-Honeywell International Inc.
Product-c200eapplication_control_environment_firmwarec300_firmwarec200e_firmwarec300c200_firmwareapplication_control_environmentc200Experion PKS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-32660
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.41% / 61.12%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:47
Updated-23 Jan, 2026 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JS Job Manager plugin <= 2.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2.

Action-Not Available
Vendor-joomskyJoomSky
Product-js_job_managerJS Job Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-32291
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.07% / 21.91%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:54
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SUMO Affiliates Pro <= 10.7.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro allows Using Malicious Files. This issue affects SUMO Affiliates Pro: from n/a through 10.7.0.

Action-Not Available
Vendor-FantasticPlugins
Product-SUMO Affiliates Pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-32510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.07% / 20.33%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-30 Jul, 2025 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ovatheme Events Manager plugin <= 1.8.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ovatheme Ovatheme Events Manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through 1.8.4.

Action-Not Available
Vendor-Ovatheme
Product-Ovatheme Events Manager
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-30933
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.07% / 20.33%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 11:18
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LogisticsHub <= 1.1.6 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub allows Upload a Web Shell to a Web Server. This issue affects LogisticsHub: from n/a through 1.1.6.

Action-Not Available
Vendor-LiquidThemes
Product-LogisticsHub
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-29009
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.07% / 22.52%
||
7 Day CHG-0.00%
Published-16 Jul, 2025 | 11:28
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through 1.2.3.

Action-Not Available
Vendor-Webkul Software Pvt. Ltd.
Product-Medical Prescription Attachment Plugin for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-26776
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.24% / 46.24%
||
7 Day CHG~0.00%
Published-22 Feb, 2025 | 15:52
Updated-24 Feb, 2025 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chaty Pro Plugin <= 3.3.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3.

Action-Not Available
Vendor-NotFound
Product-Chaty Pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-23953
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.24% / 46.24%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:29
Updated-22 Jan, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress user files plugin <= 2.4.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through 2.4.2.

Action-Not Available
Vendor-Innovative Solutions
Product-user files
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found