CWE-434: Unrestricted File Upload

This vulnerability allows attackers to upload arbitrary files, including web shells, to Sovratec Case Management web servers. Attackers can achieve re...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress websites running the vulnerable Product Website Show...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the JiangQie Free Mini Program plugi...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the Cooked Pro plugin. Attackers can upload m...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Digital Lottery plugin. Attacker...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Azz Anonim Posting plugin. Attac...

CVE-2024-8940 is a critical unrestricted file upload vulnerability in Scriptcase version 9.4.019 that allows attackers to upload malicious files to th...

CVE-2024-43160 is an unauthenticated arbitrary file upload vulnerability in the BerqWP WordPress plugin that allows attackers to upload malicious file...

This vulnerability allows attackers to upload malicious files to WordPress sites using the BuddyPress Cover plugin, potentially leading to remote code...

This vulnerability allows attackers to upload malicious files to WordPress sites running the ActiveDEMAND plugin. Attackers can upload dangerous file ...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the Copymatic plugin. Attackers can upload ma...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the vulnerable Kognetiks Chatbot plugin. Attackers can upload...

This vulnerability allows unauthenticated attackers to upload arbitrary files, including malicious scripts, to WordPress sites running the vulnerable ...

This critical vulnerability in UvDesk Community allows unauthenticated attackers to upload malicious files and execute arbitrary code on affected syst...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the vulnerable AI Engine plugin. Attackers ca...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Chauffeur Taxi Booking System plugin. Attackers can uploa...

CVE-2023-49815 is an unauthenticated arbitrary file upload vulnerability in the WappPress WordPress plugin. Attackers can upload malicious files witho...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using the MainWP File Uploader Extension. This can le...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the vulnerable WooCommerce Easy Checkout Fiel...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the affected plugin, potentially leading to r...

CVE-2024-0643 is a critical unrestricted file upload vulnerability in C21 Live Encoder and Live Mosaic version 5.3 that allows remote attackers to upl...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the JS Help Desk plugin. Attackers can upload malicious files...

This vulnerability allows unauthenticated attackers to upload arbitrary files, including malicious scripts, to WordPress sites running the vulnerable ...

CVE-2023-51468 is an unauthenticated arbitrary file upload vulnerability in the Rencontre WordPress dating site plugin. Attackers can upload malicious...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the WP MLM SOFTWARE PLUGIN. Attackers can upl...

CVE-2023-6723 is an unrestricted file upload vulnerability in Repbox that allows attackers to upload malicious files via the transforamationfileupload...

CVE-2022-47893 is a critical remote code execution vulnerability in NetMan 204 devices that allows attackers to upload malicious firmware containing a...

CVE-2023-35189 is a critical remote code execution vulnerability in Iagona ScrutisWeb versions 2.1.37 and earlier. Unauthenticated attackers can uploa...

This vulnerability allows unrestricted file uploads in LRM (Logistics Resource Management) systems, enabling attackers to upload malicious executable ...

This vulnerability in Contact Form 7 WordPress plugin allows unrestricted file upload due to improper filename validation. Attackers can upload malici...

This vulnerability allows remote attackers to upload and execute arbitrary PHP code on WordPress sites using the vulnerable wp-file-manager plugin. At...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Bravis Addons plugin. It affects all WordPress installation...

This vulnerability allows attackers to upload malicious files, including web shells, to servers running the Wiguard WordPress theme. It affects all ve...

Explorance Blue versions before 8.14.13 contain an authenticated remote file download vulnerability that can be exploited to achieve remote code execu...

This vulnerability allows attackers to upload arbitrary files, including web shells, to servers running the Miion WordPress theme. Attackers can achie...

CVE-2025-68909 is an arbitrary file upload vulnerability in the Blogistic WordPress theme that allows attackers to upload malicious files without prop...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Blogzee theme, potentially leading to complete system compr...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Real Homes CRM plugin. Attackers can exploit this to execut...

This vulnerability allows attackers to upload arbitrary files to WordPress sites using the Blogmatic theme, potentially leading to remote code executi...

The WordPress News Event theme (versions up to 1.0.1) contains an unrestricted file upload vulnerability that allows attackers to upload arbitrary fil...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using affected Themify themes. It enables remo...

This vulnerability allows attackers to upload arbitrary files, including web shells, to servers running vulnerable versions of the MapSVG WordPress pl...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Motors theme. It affects all Motors theme installations fro...

This vulnerability allows attackers to upload arbitrary files to WordPress sites using the Case Addons plugin, potentially leading to remote code exec...

This vulnerability allows attackers to upload arbitrary files to WordPress sites using the Kallyas theme, potentially leading to remote code execution...

CVE-2025-63601 is a critical remote code execution vulnerability in Snipe-IT asset management software. Authenticated attackers can upload malicious b...

This vulnerability allows authenticated users in Paymenter webshop software to upload arbitrary files through ticket attachments. Attackers can exploi...

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable Pin W...

This vulnerability allows attackers to upload malicious files to websites using the ReachShip WooCommerce Multi-Carrier & Conditional Shipping plugin....

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Made I.T. Forms plugin. Attacker...