Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress file upload project wordpress file upload vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-24663
The Simple Schools Staff Directory WordPress plugin up to and including 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE
Simple Schools Staff Directory Project Simple Schools Staff Directory
4.3
CVSSv2
CVE-2021-24642
The Scroll Baner WordPress plugin up to and including 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow malicious users to make logged in admin change them and could lead to RCE (via a fi...
Scroll Banner Project Scroll Banner
6.8
CVSSv2
CVE-2019-14216
An issue exists in the svg-vector-icon-plugin (aka WP SVG Icons) plugin up to and including 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.
Wp Svg Icons Project Wp Svg Icons
6.8
CVSSv2
CVE-2021-24620
The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin up to and including 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSR...
Simple-e-commerce-shopping-cart Project Simple-e-commerce-shopping-cart
NA
CVE-2023-2180
The KIWIZ Invoices Certification & PDF System WordPress plugin up to and including 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated malicious user to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming ...
Kiwiz Invoices Certification \\& Pdf System Project Kiwiz Invoices Certification \\& Pdf System
NA
CVE-2011-10004
A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1...
Reciply Project Reciply
NA
CVE-2023-5199
The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file ...
Php To Page Project Php To Page
NA
CVE-2024-3748
The SP Project & Document Manager WordPress plugin up to and including 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user
6.5
CVSSv2
CVE-2021-4225
The SP Project & Document Manager WordPress plugin prior to 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file exte...
Smartypantsplugins Sp Project \\& Document Manager
4.3
CVSSv2
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
125 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »