Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-48276

Summary
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
Published At-30 Jun, 2026 | 15:11
Updated At-01 Jul, 2026 | 17:28
Rejected At-
Credits

ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:adobe
Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538
Published At:30 Jun, 2026 | 15:11
Updated At:01 Jul, 2026 | 17:28
Rejected At:
â–¼CVE Numbering Authority (CNA)
ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Affected Products
Vendor
Adobe Inc.Adobe
Product
ColdFusion
Default Status
affected
Versions
Affected
  • From 0 through 2023.20 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-434Unrestricted Upload of File with Dangerous Type (CWE-434)
Type: CWE
CWE ID: CWE-434
Description: Unrestricted Upload of File with Dangerous Type (CWE-434)
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html
vendor-advisory
Hyperlink: https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@adobe.com
Published At:30 Jun, 2026 | 16:16
Updated At:01 Jul, 2026 | 18:16

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update15:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update16:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update17:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update18:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update19:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update20:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2023
cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update3:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update4:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update5:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update6:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update7:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update8:*:*:*:*:*:*
Adobe Inc.
adobe
>>coldfusion>>2025
cpe:2.3:a:adobe:coldfusion:2025:update9:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Secondarypsirt@adobe.com
CWE ID: CWE-434
Type: Secondary
Source: psirt@adobe.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://helpx.adobe.com/security/products/coldfusion/apsb26-68.htmlpsirt@adobe.com
Vendor Advisory
Hyperlink: https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html
Source: psirt@adobe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

175Records found

CVE-2025-48148
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-14.92% / 96.30%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4.

Action-Not Available
Vendor-StoreKeeper B.V.
Product-StoreKeeper for WooCommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9985
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-10||CRITICAL
EPSS-0.62% / 45.56%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 08:20
Updated-16 Oct, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ragic Enterprise Cloud Database - Arbitrary File Upload

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.

Action-Not Available
Vendor-Ragic Corporation
Product-enterprise_cloud_databaseEnterprise Cloud Databaseenterprise_cloud_database
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-6723
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-10||CRITICAL
EPSS-0.78% / 51.43%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 10:10
Updated-22 May, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted Upload of File with Dangerous Type in Repox

An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file type validation controls, resulting in a full system compromise.

Action-Not Available
Vendor-europeanaRepox
Product-repoxRepox
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-24897
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-3.01% / 85.76%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 22:24
Updated-09 Feb, 2026 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Remote Code Execution via Arbitrary File Upload

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the public web root, an attacker can upload and execute arbitrary code on the server, resulting in remote code execution (RCE). This vulnerability allows a low-privileged user to fully compromise the affected Erugo instance. Version 0.2.15 fixes the issue.

Action-Not Available
Vendor-erugoErugoOSS
Product-erugoErugo
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-8615
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-10||CRITICAL
EPSS-0.83% / 53.03%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 08:29
Updated-08 Apr, 2026 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-eyecixeyecixeyecix
Product-jobsearch_wp_job_boardJobSearch WP Job Boardjobsearch_wp_job_board
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51419
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.63% / 45.75%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:30
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BERTHA AI Plugin <= 1.11.10.7 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7.

Action-Not Available
Vendor-berthaBertha.ai
Product-bertha_aiBERTHA AI. Your AI co-pilot for WordPress and Chrome
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-51473
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.62% / 45.18%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 13:12
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TerraClassifieds Plugin <= 2.0.3 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3.

Action-Not Available
Vendor-pixelemuPixelemu
Product-terraclassifiedsTerraClassifieds – Simple Classifieds Plugin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-31324
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-10||CRITICAL
EPSS-99.36% / 99.93%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:50
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-05-20||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Missing Authorization check in SAP NetWeaver (Visual Composer development server)

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

Action-Not Available
Vendor-SAP SE
Product-netweaverSAP NetWeaver (Visual Composer development server)NetWeaver
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-47190
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-10||CRITICAL
EPSS-1.57% / 72.36%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 00:00
Updated-11 Feb, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RCE via file upload vulnerability in Generex CS141

Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.

Action-Not Available
Vendor-generexGenerex
Product-cs141_firmwarecs141UPS CS141
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-46839
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.83% / 52.96%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 10:44
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.1 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.

Action-Not Available
Vendor-wiselyhubJS Help Desk
Product-js_help_deskJS Help Desk – Best Help Desk & Support Plugin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52490
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.56% / 42.61%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 10:42
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through <= 2.5.1.

Action-Not Available
Vendor-pathomationpathomation
Product-Pathomationpathomation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56829
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.55% / 41.75%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2022-40981
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.9||MEDIUM
EPSS-0.50% / 39.30%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 21:31
Updated-17 Sep, 2024 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device.

Action-Not Available
Vendor-etictelecomETIC Telecom
Product-ras-c-100-lwrfm-eras-ecw-220-lwras-ec-400-lwras-e-220ras-ew-100ras-ew-400ras-e-100ras-e-400ras-ew-220remote_access_server_firmwareras-ecw-400-lwras-ec-220-lwras-ec-480-lwRemote Access Server (RAS)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-9846
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-10||CRITICAL
EPSS-1.04% / 59.81%
||
7 Day CHG~0.00%
Published-23 Sep, 2025 | 12:31
Updated-05 Jun, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unrestricted File Upload in TaletSys Inka.Net

Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue affects Inka.Net: before 6.7.1.

Action-Not Available
Vendor-TalentSys Consulting Information Technology Industry Inc.
Product-Inka.Net
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56064
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-14.49% / 96.21%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:54
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3.

Action-Not Available
Vendor-azzaroco
Product-WP SuperBackup
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-54214
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.67% / 47.50%
||
7 Day CHG+0.01%
Published-06 Dec, 2024 | 13:07
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through <= 1.18.

Action-Not Available
Vendor-roninwproninwp
Product-Revyrevy
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-56046
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.73% / 49.76%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:53
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9.

Action-Not Available
Vendor-vibethemesVibeThemes
Product-wordpress_learning_management_systemWPLMS
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-53822
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.74% / 49.95%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 12:24
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pie Register Premium plugin < 3.8.3.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3.

Action-Not Available
Vendor-Genetechgenetechsolutions
Product-Pie Register Premiumpie_register
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51793
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-1.79% / 75.73%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 05:52
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server.This issue affects RepairBuddy: from n/a through <= 3.8115.

Action-Not Available
Vendor-webfulcreationsAteeq Rafeeqwebfulcreations
Product-computer_repair_shopRepairBuddycomputer_repair_shop
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51792
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.56% / 42.46%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 05:53
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Audio Record plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record audio-record allows Upload a Web Shell to a Web Server.This issue affects Audio Record: from n/a through <= 1.0.

Action-Not Available
Vendor-Dang Ngoc Binhdangngocbinh
Product-Audio Recordaudio_record
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52376
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 38.93%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:08
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Boat Rental Plugin for WordPress plugin <= 1.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress boat-rental-system allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through <= 1.0.1.

Action-Not Available
Vendor-cmsMindscmsminds
Product-Boat Rental Plugin for WordPressboat_rental_plugin_for_wordpress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52377
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 38.93%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 17:42
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through <= 1.5.2.

Action-Not Available
Vendor-BdThemes
Product-Instant Image Generatorinstant_image_generator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51789
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.56% / 42.35%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 05:57
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Classify plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify image-classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through <= 1.0.0.

Action-Not Available
Vendor-UjW0Lujwol
Product-Image Classifyimage_classify
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52374
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 38.93%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 18:10
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Do That Task plugin <= 1.5.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task do-that-task allows Upload a Web Shell to a Web Server.This issue affects Do That Task: from n/a through <= 1.5.5.

Action-Not Available
Vendor-DoThatTaskdothattask
Product-Do That Taskdo_that_task
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52476
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.53% / 40.73%
||
7 Day CHG+0.01%
Published-02 Dec, 2024 | 13:48
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fediverse Embeds plugin <= 1.5.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Stefan Bohacek Fediverse Embeds fediverse-embeds allows Upload a Web Shell to a Web Server.This issue affects Fediverse Embeds: from n/a through <= 1.5.3.

Action-Not Available
Vendor-Stefan Bohacekstefanbohacek
Product-Fediverse Embedsfediverse_embeds
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52379
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 38.93%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 17:40
Updated-11 May, 2026 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress kineticPay for WooCommerce plugin <= 2.0.8 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in faizalbahasan kineticPay for WooCommerce kineticpay-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects kineticPay for WooCommerce: from n/a through <= 2.0.8.

Action-Not Available
Vendor-faizalbahasankinetic_innovative_technologies_sdn_bhd
Product-kineticPay for WooCommercekineticpay_for_woocommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51790
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.53% / 40.73%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 05:55
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HB AUDIO GALLERY plugin <= 3.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in HB WEBSOL HB AUDIO GALLERY hb-audio-gallery allows Upload a Web Shell to a Web Server.This issue affects HB AUDIO GALLERY: from n/a through <= 3.0.

Action-Not Available
Vendor-HB WEBSOLteam_hb_websol
Product-HB AUDIO GALLERYhb_audio_gallery
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50525
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.15%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:44
Updated-11 May, 2026 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Helloprint plugin <= 2.0.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in helloprint Helloprint helloprint allows Upload a Web Shell to a Web Server.This issue affects Helloprint: from n/a through <= 2.0.4.

Action-Not Available
Vendor-helloprinthelloprinthelloprint
Product-helloprintHelloprinthelloprint
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.99% / 58.25%
||
7 Day CHG~0.00%
Published-30 Oct, 2024 | 07:54
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AR For Woocommerce plugin <= 6.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from n/a through <= 6.3.

Action-Not Available
Vendor-webandprint
Product-AR For Woocommerce
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50473
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-1.03% / 59.58%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 08:30
Updated-12 May, 2026 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through <= 3.1.3.

Action-Not Available
Vendor-Ajar Productions
Product-Ajar in5 Embedajar_in5_embed
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50531
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 38.93%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:39
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RSVPMaker for Toastmasters plugin <= 6.2.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in davidfcarr RSVPMaker for Toastmasters rsvpmaker-for-toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through <= 6.2.4.

Action-Not Available
Vendor-carrcommunicationsdavidfcarrdavidfcarr
Product-rsvpmakerRSVPMaker for Toastmastersrsvpmarker
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50493
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-1.03% / 59.58%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 07:55
Updated-11 May, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through <= 1.0.4.

Action-Not Available
Vendor-masterhomepagemasterhomepage
Product-Automatic Translationautomatic_translation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50494
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 38.93%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 07:53
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sudan Payment Gateway for WooCommerce plugin <= 1.2.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce wc-sudan-payment-gateway allows Upload a Web Shell to a Web Server.This issue affects Sudan Payment Gateway for WooCommerce: from n/a through <= 1.2.2.

Action-Not Available
Vendor-Amin Omeramin_omer
Product-Sudan Payment Gateway for WooCommercewc_sudan_payment_gateway
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50526
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.61% / 44.91%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:43
Updated-11 May, 2026 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through <= 1.0.2.

Action-Not Available
Vendor-lindeniLindeni Mahlalelamahlamusa
Product-multi_purpose_mail_formMulti Purpose Mail Formmulti_purpose_mail_form
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50495
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.15%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 20:56
Updated-11 May, 2026 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Plugin Propagator plugin <= 0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in nunomorgadinho Plugin Propagator wp-propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin Propagator: from n/a through <= 0.1.

Action-Not Available
Vendor-widgilabsnunomorgadinhowidgilabs
Product-plugin_propagatorPlugin Propagatorplugin_propagator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50420
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.16%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 08:32
Updated-11 May, 2026 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in aDirectory aDirectory adirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through <= 1.3.

Action-Not Available
Vendor-aDirectoryadirectory
Product-aDirectoryadirectory
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50523
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.15%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:46
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All Post Contact Form plugin <= 1.8.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allpost-contactform allows Upload a Web Shell to a Web Server.This issue affects All Post Contact Form: from n/a through <= 1.8.2.

Action-Not Available
Vendor-rainbow-linkRainbowLink Inc.rainbowlink
Product-all_post_contact_formAll Post Contact Formall_post_contact_form
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50482
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-1.03% / 59.58%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 07:57
Updated-12 May, 2026 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.

Action-Not Available
Vendor-Chetan Khandlachetan_khandla
Product-Woocommerce Product Designwoocommerce_product_design
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50496
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.15%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 20:54
Updated-11 May, 2026 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AR For WordPress plugin <= 6.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 6.6.

Action-Not Available
Vendor-webandprintwebandprintwebandprintdesign
Product-arAR For WordPressar_for_wordpress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50527
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.15%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 13:42
Updated-11 May, 2026 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Upload a Web Shell to a Web Server.This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3.

Action-Not Available
Vendor-stacksmarketStacksstacks
Product-stacks_mobile_app_builderStacks Mobile App Builderstacks_mobile_app_builder
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50484
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 38.93%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 07:56
Updated-12 May, 2026 | 23:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through <= 1.0.2.

Action-Not Available
Vendor-Lindeni Mahlalelamahlamusa
Product-Multi Purpose Mail Formmulti_purpose_mail_form
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49242
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 38.93%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:39
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Digital Lottery plugin <= 3.0.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through <= 3.0.5.

Action-Not Available
Vendor-Shafiqshafiq
Product-Digital Lotterydigital_library
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49327
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.18%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:48
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woostagram Connect plugin <= 1.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through <= 1.0.2.

Action-Not Available
Vendor-asepbagjapriandanabepitulazasepbagjapriandana
Product-woostagram_connectWoostagram Connectwoostagram_connect
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49324
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 38.96%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:51
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sovratec Case Management plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through <= 1.0.0.

Action-Not Available
Vendor-sovratecsovratecdevsovratec
Product-sovratec_case_managementSovratec Case Managementcase_management
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49257
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 38.92%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 12:56
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Azz Anonim Posting plugin <= 0.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting azz-anonim-posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through <= 0.9.

Action-Not Available
Vendor-Denisdenis
Product-Azz Anonim Postingazz_anonim_posting
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49611
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.53% / 40.84%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 07:59
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Website Showcase plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in paxmanpwnz Product Website Showcase product-websites-showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through <= 1.0.

Action-Not Available
Vendor-paxmanpaxmanpwnzpaxman
Product-product_website_showcaseProduct Website Showcaseproduct_website_showcase
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49326
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.18%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:50
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Affiliator plugin <= 2.1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through <= 2.1.3.

Action-Not Available
Vendor-vasiliskerasiotisVasileios Kerasiotisvasiliskerasiotis
Product-affiliatorAffiliatoraffiliator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49314
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.15%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:19
Updated-11 May, 2026 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JiangQie Free Mini Program plugin <= 2.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through <= 2.5.2.

Action-Not Available
Vendor-jiangqiezhuige
Product-JiangQie Free Mini Programjiangqie_free_mini_program
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49291
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.50% / 38.93%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:20
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cooked Pro plugin < 1.8.0 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.

Action-Not Available
Vendor-Gora Tech LLCboxystudio
Product-Cooked Procooked
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49330
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.53% / 40.84%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:45
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nice Backgrounds plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds nicebackgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through <= 1.0.

Action-Not Available
Vendor-brx8rbrx8rbrx8r
Product-nice_backgroundsNice Backgroundsnice_backgrounds
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found