CWE-434: Unrestricted File Upload

The WP User Frontend Pro plugin for WordPress has a vulnerability that allows authenticated attackers with Subscriber-level access or higher to upload...

The MasterStudy LMS Pro WordPress plugin allows authenticated users with Subscriber-level access or higher to upload arbitrary files due to missing fi...

The TheGem WordPress theme has an arbitrary file upload vulnerability in all versions up to 5.10.3. Authenticated attackers with Subscriber-level acce...

CVE-2025-4561 is an arbitrary file upload vulnerability in KFOX from KingFor that allows authenticated users with regular privileges to upload malicio...

The External Image Replace WordPress plugin allows authenticated attackers with contributor-level permissions or higher to upload arbitrary files due ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to upload arbitrary files through vulnerable plugins/th...

The Greenshift WordPress plugin versions 11.4 to 11.4.5 contain a vulnerability that allows authenticated users with Subscriber-level access or higher...

A remote code execution vulnerability in Code Astro Internet Banking System 2.0.0 allows attackers to upload malicious files through the profile_pic p...

The Streamit WordPress theme allows authenticated users with subscriber-level permissions or higher to upload arbitrary files due to missing file type...

The Woffice Core plugin for WordPress has a vulnerability that allows authenticated users with Subscriber-level access or higher to upload arbitrary f...

The Real Estate 7 WordPress theme allows authenticated attackers with Seller-level access or higher to upload arbitrary files due to missing file type...

The Inline Image Upload for BBPress WordPress plugin allows authenticated attackers (Subscriber-level or higher) to upload arbitrary files due to miss...

The SoJ SoundSlides WordPress plugin allows authenticated attackers with Contributor-level access or higher to upload arbitrary files due to missing f...

This vulnerability allows attackers to upload malicious files with dangerous extensions (.py, .sh, .bat, etc.) and execute them via the '/open_file' A...

This vulnerability allows attackers to modify protected system files by restoring maliciously crafted backup files. It affects Apple devices running v...

The Aiomatic WordPress plugin allows authenticated attackers with Contributor-level access or higher to upload arbitrary files due to missing file typ...

This vulnerability allows attackers to upload malicious kernel modules through the CGI configuration upload endpoint in affected Draytek routers, lead...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to upload arbitrary files due to missing file type vali...

Code-projects Shopping Portal v1.0 has an arbitrary file upload vulnerability in insert-product.php that allows attackers to upload malicious files to...

The Groundhogg WordPress plugin up to version 3.7.3.5 allows authenticated attackers with Author-level access or higher to upload arbitrary files due ...

The Garden Gnome Package WordPress plugin allows authenticated attackers with Author-level access or higher to upload arbitrary files due to missing f...

The Modula Image Gallery WordPress plugin allows authenticated attackers with Author-level access or higher to upload arbitrary files via zip upload f...

An authenticated arbitrary file upload vulnerability in Car Rental Management System versions 1.0 through 1.3 allows attackers with valid credentials ...

CVE-2024-12700 is an unrestricted file upload vulnerability in Aggregate Digital software that allows authenticated low-privileged users to upload JSP...

This vulnerability allows authenticated remote attackers to upload malicious ZIP files through the epaper draft function in Corporate Training Managem...

The Opt-In Downloads WordPress plugin allows authenticated attackers with Subscriber-level access or higher to upload arbitrary files due to missing f...

The Pubnews WordPress theme has a vulnerability that allows authenticated attackers with Subscriber-level access or higher to install arbitrary plugin...

This vulnerability allows authenticated attackers to upload malicious SVG files to the /documentCache/upload endpoint in InfoDom Performa 365 v4.0.1, ...

This vulnerability allows authenticated attackers with Student-level access or higher to upload arbitrary files to WordPress sites running the School ...

An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to upload malicious .xml files that can lead to remote code execution. ...

This vulnerability allows authenticated instructors in MarkUs to write arbitrary files to any location on the web server, potentially leading to remot...

This vulnerability allows attackers to upload arbitrary files to affected GL-iNet router devices via the upload interface. Once uploaded, these files ...

This vulnerability in the Wellchoose Administrative Management System allows authenticated users with regular privileges to upload malicious files due...

This CVE describes a file upload vulnerability in Itsourcecode Online Discussion Forum Project v1.0 that allows remote attackers to upload malicious f...

This vulnerability allows attackers to upload arbitrary files, including malicious PHP scripts, to YPay 1.2.0 payment software. Attackers can achieve ...

Dedecms V5.7.115 contains a file upload vulnerability in the backend that allows authenticated attackers to upload malicious files and execute arbitra...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to upload arbitrary files due to missing file type vali...

CVE-2024-45171 is an unrestricted file upload vulnerability in za-internet C-MOR Video Surveillance 5.2401 that allows authenticated users to upload a...

An unrestricted file upload vulnerability in Kashipara Music Management System v1.0 allows attackers to upload malicious PHP files via the /music/ajax...

This vulnerability allows remote attackers to upload arbitrary files to the Huizhi enterprise resource management system, potentially leading to remot...

The Media Library Assistant WordPress plugin allows authenticated attackers with Author-level access or higher to upload arbitrary files due to missin...

This vulnerability in Poly Clariti Manager devices allows attackers to execute arbitrary code by exploiting improper input sanitization. It affects or...

This vulnerability allows authenticated users in FOG Project to upload malicious files disguised as images, leading to remote code execution on the se...

The Social Auto Poster WordPress plugin allows authenticated users with Contributor-level permissions or higher to upload arbitrary files due to missi...

This vulnerability allows attackers to upload malicious files through Automad's image upload function, potentially leading to remote code execution. A...

The Brizy Page Builder WordPress plugin allows authenticated attackers with contributor-level access or higher to upload arbitrary files due to insuff...

Authenticated users in Apache StreamPipes can upload dangerous file types like executables, potentially leading to remote code execution. This affects...

This vulnerability in the wp-eMember WordPress plugin allows administrators to upload arbitrary files without validation, including malicious PHP file...

This vulnerability allows attackers to upload malicious files to the PublicCMS administration interface, leading to remote code execution. It affects ...

This vulnerability allows attackers to upload malicious files to the PublicCMS admin interface, leading to remote code execution. Any organization run...