Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress file upload project wordpress file upload vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-0316
The WeStand WordPress theme prior to 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPr...
Chimpgroup Westand
Chimpgroup Bolster -
Soundblast Project Soundblast -
Spikes-black Project Spikes-black -
Chimpgroup Spikes -
Pixfill Kings Club -
Club-theme Project Club-theme -
Statfort Project Statfort -
Aidreform Project Aidreform -
Footysquare Project Footysquare -
1 Github repository
445
VMScore
CVE-2015-1000000
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
Mailcwp Project Mailcwp 1.99
445
VMScore
CVE-2015-1000013
Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1
Csv2wpec-coupon Project Csv2wpec-coupon 1.1
445
VMScore
CVE-2015-1000001
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin
Fast-image-adder Project Fast-image-adder
578
VMScore
CVE-2019-15866
The crelly-slider plugin prior to 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.
Crelly Slider Project Crelly Slider
NA
CVE-2022-36285
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.
Uploading Svg\\, Webp And Ico Files Project Uploading Svg\\, Webp And Ico Files
NA
CVE-2021-4382
The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated malicious users to upload arbitrary files on the ...
Recently Project Recently
578
VMScore
CVE-2022-0863
The WP SVG Icons WordPress plugin up to and including 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.
Wp Svg Icons Project Wp Svg Icons
NA
CVE-2016-15033
The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated malicious users to upload arbitra...
Delete All Comments Project Delete All Comments
NA
CVE-2023-6316
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated malicious users to upload arbit...
Mw Wp Form Project Mw Wp Form
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »