Vulmon
wordpress file upload project wordpress file upload vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-24284
The Kaswara Modern VC Addons WordPress plugin up to and including 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zip file is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malic...
Kaswara Project Kaswara
1 Github repository
1 Article
9.8
CVSSv3
CVE-2022-0316
The WeStand WordPress theme prior to 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPr...
Chimpgroup Westand
Chimpgroup Bolster -
Soundblast Project Soundblast -
Spikes-black Project Spikes-black -
Chimpgroup Spikes -
Pixfill Kings Club -
Club-theme Project Club-theme -
Statfort Project Statfort -
Aidreform Project Aidreform -
Footysquare Project Footysquare -
1 Github repository
9.8
CVSSv3
CVE-2015-1000000
Remote file upload vulnerability in the mailcwp v1.99 WordPress plugin
Mailcwp Project Mailcwp 1.99
7.8
CVSSv3
CVE-2015-1000013
Remote file upload vulnerability in the WordPress plugin csv2wpec-coupon v1.1
Csv2wpec-coupon Project Csv2wpec-coupon 1.1
9.8
CVSSv3
CVE-2015-1000001
Remote file upload vulnerability in the fast-image-adder v1.1 WordPress plugin
Fast-image-adder Project Fast-image-adder
8.8
CVSSv3
CVE-2019-15866
The crelly-slider plugin prior to 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.
Crelly Slider Project Crelly Slider
7.2
CVSSv3
CVE-2022-36285
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
Uploading Svg, Webp And Ico Files Project Uploading Svg, Webp And Ico Files
8.8
CVSSv3
CVE-2021-4382
The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated malicious users to upload arbitrary files on the ...
Recently Project Recently
7.2
CVSSv3
CVE-2022-0863
The WP SVG Icons WordPress plugin up to and including 3.2.3 does not properly validate uploaded custom icon packs, allowing a high-privileged user like an admin to upload a zip file containing malicious PHP code, leading to remote code execution.
Wp Svg Icons Project Wp Svg Icons
9.8
CVSSv3
CVE-2016-15033
The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated malicious users to upload arbitra...
Delete All Comments Project Delete All Comments