Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
file upload vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-1956
File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks....
File Upload Manager File Upload Manager
6.8
CVSSv2
CVE-2014-5199
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of...
Wordpress File Upload Project Wordpress File Upload
6.8
CVSSv2
CVE-2015-4379
Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors....
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.1
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.2
Webform Multiple File Upload Project Webform Multiple File Upload 7.x-1.x
Webform Multiple File Upload Project Webform Multiple File Upload 7.x-1.2
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.0
7.5
CVSSv2
CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0...
Jquery File Upload Project Jquery File Upload
3 EDB exploits available
1 Metasploit module available
31 Github repositories available
NA
CVE-2023-25781
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions....
Upload File Type Settings Plugin Project Upload File Type Settings Plugin
3.5
CVSSv2
CVE-2021-24961
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
Iptanus Wordpress File Upload
Iptanus Wordpress File Upload Pro
4.3
CVSSv2
CVE-2021-23439
This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file)....
File-upload-with-preview Project File-upload-with-preview
NA
CVE-2023-2767
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for...
Iptanus Wordpress File Upload Pro
Iptanus Wordpress File Upload
NA
CVE-2023-2688
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin...
Iptanus Wordpress File Upload Pro
Iptanus Wordpress File Upload
6.5
CVSSv2
CVE-2021-24962
The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the...
Iptanus Wordpress File Upload
Iptanus Wordpress File Upload Pro
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-6527
elevation of privilege
CVE-2023-26360
CVE-2023-40053
dos
unprivileged
CVE-2022-24403
CVE-2023-42916
CVE-2023-49447
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »