CWE-434: Unrestricted File Upload

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the WP Load Gallery plugin. Attacker...

This vulnerability allows attackers to upload arbitrary files, including web shells, to web servers running the UkrSolution Barcode Scanner with Inven...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using the WPMasterToolKit plugin. Attackers ca...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using the WPLMS plugin. It affects all WordPre...

This vulnerability allows attackers to upload malicious files, including web shells, to WordPress sites using the SeedProd Pro plugin. This can lead t...

This vulnerability in Synapse Matrix homeserver allows attackers to trigger processing of uncommon image formats by enabling dynamic_thumbnails or sen...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Halyra CDI plugin. Attackers can upload malicious files l...

This vulnerability allows attackers to upload arbitrary files, including malicious scripts, to WordPress sites running the Iconize plugin. Successful ...

The User Profile Builder WordPress plugin before version 3.11.8 has an authorization vulnerability that allows unauthenticated users to upload media f...

The Bug Library WordPress plugin before version 2.1.1 has an unrestricted file upload vulnerability that allows unauthenticated attackers to upload PH...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Realtyna Organic IDX plugin, potentially leading to code ex...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Import Spreadsheets from Microsoft Excel plugin, potentiall...

This vulnerability allows attackers to upload malicious ZIP files containing dangerous file types to WordPress sites using the Unlimited Elements for ...

This vulnerability allows attackers to upload malicious files to WordPress sites using the JS Help Desk plugin. It affects all versions up to 2.7.7, p...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Z-Downloads plugin. Attackers can upload malicious files ...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the AI Engine: ChatGPT Chatbot plugin. Attackers can exploit ...

This vulnerability in pyload allows authenticated users to change the download folder and upload malicious templates, leading to remote code execution...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Tribulant Newsletters plugin. Attackers can upload malici...

This vulnerability allows unauthenticated attackers to upload arbitrary files, including malicious scripts, to WordPress sites running the vulnerable ...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Auto Poster plugin. Attackers can upload malicious files ...

This vulnerability allows attackers to upload malicious files, such as web shells, to WordPress servers running the vulnerable Multiple Page Generator...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the AI Engine: ChatGPT Chatbot plugin. Attackers can exploit ...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the vulnerable WebToffee Product Import Export for WooCommerc...

This vulnerability allows attackers to upload malicious files to the certbadge.php endpoint in Open eClass, potentially leading to remote code executi...

This vulnerability allows attackers to upload arbitrary files to WooCommerce sites using the Mollie Payments plugin, potentially leading to remote cod...

This vulnerability allows authenticated users to upload large image files that consume excessive server memory, potentially causing denial of service....

This vulnerability allows attackers to upload arbitrary files to Progress Application Server (PAS) for OpenEdge via the WEB transport. Affected organi...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the Olive One Click Demo Import plugin. Attac...

This vulnerability allows authenticated privileged attackers to upload malicious zip files to EspoCRM servers, leading to arbitrary PHP code execution...

This vulnerability allows authenticated Ad Hoc Transfer users in WS_FTP Server to upload arbitrary files to any location on the underlying operating s...

Gym Management System Project v1.0 has an insecure file upload vulnerability that allows authenticated attackers to upload malicious files and execute...

Yoga Class Registration System 1.0 contains an unrestricted file upload vulnerability that allows authenticated administrators to upload malicious fil...

This vulnerability allows remote attackers to execute arbitrary Java code on General Bytes Crypto Application Server by uploading malicious applicatio...

An unauthenticated remote file upload vulnerability in Trend Micro Apex One allows attackers to upload arbitrary files to the server's SampleSubmissio...

This vulnerability allows authenticated WordPress users with appropriate permissions to create arbitrary files on the server via the GiveWP plugin's e...

This vulnerability allows authenticated admin users on Tekon KIO devices to escalate privileges to root by uploading malicious Lua plugin scripts. It ...

This vulnerability allows attackers with administrator or admin privileges in SmarterTrack to overwrite critical configuration files in the app_data/C...

This vulnerability allows attackers with administrator access to upload malicious files to InHand Networks IR615 routers without proper validation. Th...

This vulnerability in multiple Thrive Themes WordPress themes allows attackers to execute arbitrary code on affected websites. By exploiting an insecu...

This vulnerability allows authenticated attackers with admin console access to bypass file upload restrictions in Magento, potentially leading to arbi...

This CVE describes an unsafe file upload vulnerability in Magento that allows authenticated administrators to upload malicious files, potentially lead...

This vulnerability allows authenticated administrators in Online Bike Rental v1.0 to upload arbitrary files, including malicious scripts, leading to r...

This vulnerability allows attackers to upload arbitrary files to WordPress sites using the WP Webhooks plugin, potentially leading to remote code exec...

This vulnerability allows authenticated attackers to upload arbitrary files, including malicious executables, to SAP Supplier Relationship Management ...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable Form Block plugin. At...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the Fancy Product Designer plugin. Attackers ...

This vulnerability allows attackers to upload malicious files to Adobe Commerce servers, potentially leading to arbitrary code execution. It affects A...

CVE-2024-2636 is an unrestricted file upload vulnerability in Cegid Meta4 HR that allows attackers to upload malicious JSP files to the server via the...

This vulnerability allows authenticated attackers to upload arbitrary firmware to Motorola MR2600 routers, leading to remote code execution. Attackers...

CVE-2023-51412 is an unauthenticated arbitrary file upload vulnerability in the Piotnet Forms WordPress plugin. Attackers can upload malicious files w...