Vulmon
wordpress file upload project wordpress file upload vulnerabilities and exploits
6.5
CVSSv2
CVE-2021-24663
The Simple Schools Staff Directory WordPress plugin up to and including 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitrary files like PHP, leading to RCE
Simple Schools Staff Directory Project Simple Schools Staff Directory
6.8
CVSSv2
CVE-2019-14216
An issue exists in the svg-vector-icon-plugin (aka WP SVG Icons) plugin up to and including 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.
Wp Svg Icons Project Wp Svg Icons
4.3
CVSSv2
CVE-2021-24642
The Scroll Baner WordPress plugin up to and including 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow malicious users to make logged in admin change them and could lead to RCE (via a fi...
Scroll Banner Project Scroll Banner
6.8
CVSSv2
CVE-2021-24620
The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin up to and including 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSR...
Simple-e-commerce-shopping-cart Project Simple-e-commerce-shopping-cart
NA
CVE-2023-2180
The KIWIZ Invoices Certification & PDF System WordPress plugin up to and including 2.1.3 does not validate the path of files to be downloaded, which could allow an unauthenticated malicious user to read/download arbitrary files, as well as perform PHAR unserialization (assuming ...
Kiwiz Invoices Certification & Pdf System Project Kiwiz Invoices Certification & Pdf System
NA
CVE-2011-10004
A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1...
Reciply Project Reciply
NA
CVE-2023-5199
The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file ...
Php To Page Project Php To Page
NA
CVE-2024-3748
The SP Project & Document Manager WordPress plugin up to and including 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user
6.5
CVSSv2
CVE-2021-4225
The SP Project & Document Manager WordPress plugin prior to 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file exte...
Smartypantsplugins Sp Project & Document Manager