Vulmon
wordpress file upload project wordpress file upload vulnerabilities and exploits
605
VMScore
CVE-2014-5199
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) prior to 2.4.2 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: s...
Wordpress File Upload Project Wordpress File Upload
760
VMScore
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) prior to 1.0.0 for WordPress and prior to 2.0.1 for Joomla!, allows remot...
Creative-solutions Creative Contact Form
Jquery File Upload Project Jquery File Upload 6.4.4
2 EDB exploits
1 Github repository
436
VMScore
CVE-2012-3414
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and previous versions, as used in WordPress prior to 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote malicious users to inject arbitrary web script or HTML via the movieName paramet...
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Swfupload Project Swfupload 1.0.2
Swfupload Project Swfupload 2.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.2
Swfupload Project Swfupload 2.1.0
Wordpress Wordpress 3.0.5
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2.1
Wordpress Wordpress 3.3
Swfupload Project Swfupload 2.2.0
Swfupload Project Swfupload
Wordpress Wordpress -
Wordpress Wordpress 3.0
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress
1 EDB exploit
2 Github repositories
1 Article
668
VMScore
CVE-2014-4972
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and previous versions for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-c...
Ajax Upload For Gravity Forms Project Ajax Upload For Gravity Forms
NA
CVE-2022-4101
The Images Optimize and Upload CF7 WordPress plugin up to and including 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.
Images Optimize And Upload Cf7 Project Images Optimize And Upload Cf7
578
VMScore
CVE-2021-42362
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can b...
Wordpress Popular Posts Project Wordpress Popular Posts
755
VMScore
CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 up to and including 1.5.10 for WordPress does not properly restrict access, which allows remote malicious users to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.10
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.3
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.4
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.5
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4.2
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.6
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7.2
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.8
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.8.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.3
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.5
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.2
1 EDB exploit
755
VMScore
CVE-2017-1002002
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
Webapp-builder Project Webapp-builder 2.0
1 EDB exploit
505
VMScore
CVE-2017-6104
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.
Zen Mobile App Native Project Zen Mobile App Native
1 EDB exploit
755
VMScore
CVE-2017-1002001
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Mobile-app-builder-by-wappress Project Mobile-app-builder-by-wappress 1.05
1 EDB exploit