Vulmon
wordpress upload file plugin vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-0888
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated malicious users ...
Ninjaforms Ninja Forms File Uploads
NA
CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 up to and including 1.5.10 for WordPress does not properly restrict access, which allows remote malicious users to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.3
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7.2
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.4
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4.2
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.6
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.8
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.5
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.3
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.8.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.10
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.5
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.2
1 EDB exploit
9.8
CVSSv3
CVE-2022-1952
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin prior to 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected...
Syntactics Free Booking Plugin For Hotels, Restaurant And Car Rental
8.1
CVSSv3
CVE-2022-0403
The Library File Manager WordPress plugin prior to 5.2.3 is using an outdated version of the elFinder library, which is known to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any a...
Wpjos Library File Manager
1 Github repository
NA
CVE-2014-10021
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.
Wpsymposiumpro Wp Symposium 14.11
2 EDB exploits
NA
CVE-2014-9308
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin prior to 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then a...
Wpeasycart Wp Easycart
2 EDB exploits
7.2
CVSSv3
CVE-2023-7082
The Import any XML or CSV File to WordPress plugin prior to 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allow high privilege users such as administrator...
Soflyy Export Any Wordpress Data To Xml/csv
7.5
CVSSv3
CVE-2017-6104
Remote file upload vulnerability in WordPress Plugin Mobile App Native 3.0.
Zen Mobile App Native Project Zen Mobile App Native
1 EDB exploit
NA
CVE-2014-5460
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin prior to 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-ga...
Tribulant Tibulant Slideshow Gallery 1.4
Tribulant Tibulant Slideshow Gallery 1.4.4
Tribulant Tibulant Slideshow Gallery 1.4.5
Tribulant Tibulant Slideshow Gallery 1.4.1
Tribulant Tibulant Slideshow Gallery
Tribulant Tibulant Slideshow Gallery 1.4.3
Tribulant Tibulant Slideshow Gallery 1.4.2
2 EDB exploits
NA
CVE-2015-2825
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin prior to 2.5.96 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file...
Simple Ads Manager Project Simple Ads Manager
1 EDB exploit