Total
3401 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56264 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.6 Medium |
| Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through 1.14.0. | ||||
| CVE-2024-9544 | 2 Mapsvg, Wordpress | 2 Mapsvg, Wordpress | 2025-07-13 | 6.4 Medium |
| The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-10584 | 2 Designinvento, Wordpress | 2 Directorypress, Wordpress | 2025-07-13 | 5.4 Medium |
| The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. When DirectoryPress Frontend is installed, this can be exploited by unauthenticated users. | ||||
| CVE-2024-5049 | 1 Codezips | 1 E-commerce Site | 2025-07-13 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264746 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-47842 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0. | ||||
| CVE-2025-2249 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.8 High |
| The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-32140 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail allows Upload a Web Shell to a Web Server. This issue affects WP Remote Thumbnail: from n/a through 1.3.1. | ||||
| CVE-2023-49815 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3. | ||||
| CVE-2025-39436 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0. | ||||
| CVE-2024-31114 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5. | ||||
| CVE-2024-13171 | 1 Ivanti | 1 Endpoint Manager | 2025-07-13 | 7.8 High |
| Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | ||||
| CVE-2024-46479 | 1 Venki | 1 Supravizio Bpm | 2025-07-13 | 9.9 Critical |
| Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution. | ||||
| CVE-2025-26350 | 1 Q-free | 1 Maxtime | 2025-07-13 | 4.9 Medium |
| A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload malicious files via crafted HTTP requests. | ||||
| CVE-2025-3917 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-56054 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. | ||||
| CVE-2023-27440 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17. | ||||
| CVE-2024-10590 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, unless another vulnerability is present. | ||||
| CVE-2024-56046 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9. | ||||
| CVE-2024-32954 | 2 Tribulant, Wordpress | 2 Newsletters, Wordpress | 2025-07-12 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5. | ||||
| CVE-2025-28915 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit allows Upload a Web Shell to a Web Server. This issue affects ThemeEgg ToolKit: from n/a through 1.2.9. | ||||