Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress upload file plugin vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-38140
Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress.
Squirrly Seo Plugin By Squirrly Seo
9.8
CVSSv3
CVE-2019-25138
The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated malicious users to upload arbitrary fi...
Plugin-planet User Submitted Posts
9.8
CVSSv3
CVE-2022-27862
Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows malicious users to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form.
Vikwp Vikbooking Hotel Booking Engine \\& Property Management System Plugin
NA
CVE-2013-2173
wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote malicious users to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie.
Wordpress Wordpress 3.5.1
8.8
CVSSv3
CVE-2022-3125
The Frontend File Manager Plugin WordPress plugin prior to 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE
Najeebmedia Frontend File Manager
8.1
CVSSv3
CVE-2019-10869
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin prior to 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an malicious user to traverse the file system to access files and execute code via the includes/fields/upload.php (aka up...
Ninjaforms Ninja Forms File Uploads
1 Github repository
5.4
CVSSv3
CVE-2023-4821
The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin prior to 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.
Codedropz Drag And Drop Multiple File Uploader
8.8
CVSSv3
CVE-2020-35235
vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin up to and including 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulne...
Themexa Secure File Manager
9.8
CVSSv3
CVE-2017-1002001
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Mobile-app-builder-by-wappress Project Mobile-app-builder-by-wappress 1.05
1 EDB exploit
9.8
CVSSv3
CVE-2017-1002002
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
Webapp-builder Project Webapp-builder 2.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »