Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress upload file plugin vulnerabilities and exploits
(subscribe to this query)
505
VMScore
CVE-2017-6104
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.
Zen Mobile App Native Project Zen Mobile App Native
1 EDB exploit
660
VMScore
CVE-2014-5460
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin prior to 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-ga...
Tribulant Tibulant Slideshow Gallery 1.4.4
Tribulant Tibulant Slideshow Gallery 1.4.5
Tribulant Tibulant Slideshow Gallery
Tribulant Tibulant Slideshow Gallery 1.4.2
Tribulant Tibulant Slideshow Gallery 1.4.3
Tribulant Tibulant Slideshow Gallery 1.4
Tribulant Tibulant Slideshow Gallery 1.4.1
2 EDB exploits
755
VMScore
CVE-2012-1010
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin prior to 1.1.8 for WordPress allows remote malicious users to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspeci...
Likno Allwebmenus Plugin 1.0.12
Likno Allwebmenus Plugin 1.0.17
Likno Allwebmenus Plugin 1.1.1
Likno Allwebmenus Plugin 1.1.2
Likno Allwebmenus Plugin 1.0.10
Likno Allwebmenus Plugin 1.0.11
Likno Allwebmenus Plugin 1.0.23
Likno Allwebmenus Plugin 1.0.24
Likno Allwebmenus Plugin
Likno Allwebmenus Plugin 1.0.4
Likno Allwebmenus Plugin 1.0.9
Likno Allwebmenus Plugin 1.0.21
Likno Allwebmenus Plugin 1.0.22
Likno Allwebmenus Plugin 1.1.5
Likno Allwebmenus Plugin 1.1.6
Likno Allwebmenus Plugin 1.0.1
Likno Allwebmenus Plugin 1.0.3
Likno Allwebmenus Plugin 1.0.18
Likno Allwebmenus Plugin 1.0.19
Likno Allwebmenus Plugin 1.0.20
Likno Allwebmenus Plugin 1.1.3
Likno Allwebmenus Plugin 1.1.4
1 EDB exploit
755
VMScore
CVE-2012-1011
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote malicious users to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing ...
Likno Allwebmenus Plugin 1.1.8
1 EDB exploit
755
VMScore
CVE-2015-2825
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin prior to 2.5.96 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file...
Simple Ads Manager Project Simple Ads Manager
1 EDB exploit
685
VMScore
CVE-2008-6811
Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and previous versions for Wordpress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the ...
Instinct E-commerce Plugin
1 EDB exploit
685
VMScore
CVE-2013-5961
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote malicious users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/.
Danny Morris Lazy Seo 1.1.9
1 EDB exploit
855
VMScore
CVE-2013-1916
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.
User Photo Project User Photo 0.9.4
1 EDB exploit
1000
VMScore
CVE-2012-3575
Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.
Rbx Gallery Rbx Gallery 2.1
1 EDB exploit
755
VMScore
CVE-2015-4133
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin prior to 3.1.4 for WordPress allows remote malicious users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to t...
Reflex Gallery Project Reflex Gallery
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »