Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress upload file plugin vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-1002000
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
Mobile-friendly-app-builder-by-easytouch Project Mobile-friendly-app-builder-by-easytouch 3.0
1 EDB exploit
9 Github repositories
9.8
CVSSv3
CVE-2017-1002001
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Mobile-app-builder-by-wappress Project Mobile-app-builder-by-wappress 1.05
1 EDB exploit
7.2
CVSSv3
CVE-2023-6558
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attacke...
Webtoffee Import Export Wordpress Users
9.8
CVSSv3
CVE-2022-1952
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin prior to 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected...
Syntactics Free Booking Plugin For Hotels\\, Restaurant And Car Rental
9.8
CVSSv3
CVE-2022-0888
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated malicious users ...
Ninjaforms Ninja Forms File Uploads
NA
CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 up to and including 1.5.10 for WordPress does not properly restrict access, which allows remote malicious users to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.10
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.3
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.4
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.5
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4.2
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.6
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7.2
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.8
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.8.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.3
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.5
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.2
1 EDB exploit
8.1
CVSSv3
CVE-2022-0403
The Library File Manager WordPress plugin prior to 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any a...
Wpjos Library File Manager
1 Github repository
NA
CVE-2014-10021
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.
Wpsymposiumpro Wp Symposium 14.11
2 EDB exploits
NA
CVE-2014-9308
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin prior to 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then a...
Wpeasycart Wp Easycart
2 EDB exploits
7.2
CVSSv3
CVE-2023-7082
The Import any XML or CSV File to WordPress plugin prior to 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator...
Soflyy Export Any Wordpress Data To Xml\\/csv
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »