CWE-434: Unrestricted File Upload

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Made I.T. Forms plugin. Attacker...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the WP VR plugin. Attackers can gain...

This vulnerability allows attackers to upload arbitrary files, including web shells, to web servers running the Crossword Compiler Puzzles WordPress p...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable WPAMS plugin. Attacke...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Eximius theme, potentially leading to complete system compr...

Quantum StorNext Web GUI API before version 7.2.4 contains a vulnerability that allows attackers to upload malicious files, potentially leading to arb...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running vulnerable versions of the PowerPres...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running MapSVG Lite. Attackers can achieve r...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Solace Extra plugin. Attackers can execute arbitrary code, ...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Theme File Duplicator plugin. Attackers can execute arbitra...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the WP Remote Thumbnail plugin. Atta...

The Brizy Page Builder WordPress plugin allows authenticated users with Contributor-level access or higher to upload arbitrary files due to missing fi...

This vulnerability in Advantive VeraCore allows authenticated remote users to upload files to unintended folders, potentially exposing sensitive files...

CVE-2025-23918 is an arbitrary file upload vulnerability in the Smallerik File Browser WordPress plugin that allows attackers to upload malicious file...

An unrestricted file upload vulnerability in PMB platform versions 4.0.10 and above allows attackers to upload malicious files and gain remote code ex...

This vulnerability allows attackers to upload malicious files to WordPress servers running the WR Price List Manager for WooCommerce plugin. Attackers...

Venki Supravizio BPM through version 18.0.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious fi...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using the WPLMS plugin. It affects all WordPre...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using the WPLMS plugin. Attackers can gain ful...

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress sites running vulnerable versions of...

CVE-2024-51548 is a dangerous unrestricted file upload vulnerability in ABB ASPECT, NEXUS, and MATRIX series products that allows attackers to upload ...

The Tumult Hype Animations WordPress plugin allows authenticated attackers with Author-level permissions or higher to upload arbitrary files due to mi...

This vulnerability in the WP Quick Setup WordPress plugin allows attackers to upload arbitrary files, including web shells, to the server. It affects ...

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress servers running the CSV to html plug...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites running the vulnerable PushAssist plugin. Atta...

CVE-2024-52400 is an unrestricted file upload vulnerability in the Gallerio WordPress plugin that allows attackers to upload malicious files, includin...

This vulnerability allows attackers to upload arbitrary files to WordPress sites using the CF7 Reply Manager plugin, potentially leading to remote cod...

This vulnerability allows attackers to upload arbitrary files, including web shells, to web servers running the KBucket WordPress plugin. Attackers ca...

This vulnerability allows attackers to upload malicious files (like web shells) to WordPress servers running the Sage AI plugin. It affects all WordPr...

The JobSearch WP Job Board WordPress plugin allows authenticated users with subscriber-level access or higher to upload arbitrary files due to missing...

The mFolio Lite WordPress plugin allows authenticated attackers with Author-level access or higher to upload malicious SVG or EXE files due to missing...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Rudra Innovative Software Traini...

This vulnerability allows attackers to upload arbitrary files to WordPress sites using the SurveyJS plugin, potentially leading to remote code executi...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable AZEXO Marketing Autom...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the INK Official plugin. Attackers c...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites running the vulnerable ReneeCussack 3D Work In...

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable WooCo...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Limb Gallery plugin, potentially leading to remote code exe...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable ACF Images Search And...

This vulnerability allows attackers to upload malicious files, including web shells, to WordPress servers running the External Featured Image from Bin...

This vulnerability allows authenticated users to bypass file upload restrictions in PHPGurukul Job Portal 1.0, potentially uploading malicious files t...

This vulnerability in IBM webMethods Integration 10.15 allows authenticated users to upload and execute arbitrary files on the underlying operating sy...

This vulnerability allows authenticated attackers to upload arbitrary files with dangerous extensions to WordPress sites running Bit Form Pro. Success...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Church Admin plugin. Attackers c...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using the Zita Elementor Site Library plugin. ...

The Sirv WordPress plugin (versions up to 7.2.6) allows authenticated attackers with Contributor-level access or higher to upload arbitrary files due ...

CVE-2024-4306 is a critical unrestricted file upload vulnerability in HubBank version 1.0.2 that allows authenticated users to upload malicious PHP fi...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites running the Unlimited Elements for Elementor p...

This vulnerability allows authenticated attackers to upload arbitrary files, including malicious scripts, to WordPress sites running the vulnerable WP...

CVE-2024-31280 is an arbitrary file upload vulnerability in the WordPress Church Admin plugin that allows attackers to upload malicious files to vulne...