CWE-434: Unrestricted File Upload

This vulnerability allows attackers to upload malicious files to WordPress sites running the InstaWP Connect plugin, leading to remote code execution....

This vulnerability allows authenticated remote attackers to write arbitrary files to Ivanti ITSM servers. Successful exploitation could lead to remote...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Tourfic plugin, potentially leading to remote code execut...

CVE-2024-2599 is a file upload restriction evasion vulnerability in AMSS++ version 4.31 that allows authenticated users to bypass security controls an...

This vulnerability allows attackers to upload arbitrary files, including malicious scripts, to WordPress sites using the WP Media Folder plugin. It af...

Suite CRM version 7.14.2 contains a Local File Inclusion (LFI) vulnerability that allows attackers to include and execute arbitrary PHP files from the...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites running the WP Mail Log plugin. Attackers can upload ...

This vulnerability allows attackers to upload arbitrary files, including malicious scripts, to WordPress sites using the Corsa theme. It affects all v...

This vulnerability allows attackers to upload arbitrary files to WordPress sites using vulnerable versions of the AutomateWoo plugin for WooCommerce. ...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Export Import Menus plugin. Attackers can upload maliciou...

This vulnerability allows attackers to upload arbitrary files to WordPress sites running the Dropshipping & Affiliation with Amazon plugin. Attackers ...

This vulnerability allows remote authenticated users to upload malicious ZIP archives that can execute arbitrary system commands with SYSTEM privilege...

CVE-2022-3682 is a file permission validation vulnerability in Hitachi Energy SDM600 that allows authenticated attackers to upload specially crafted m...

This vulnerability allows authenticated WordPress users with contributor-level permissions or higher to upload arbitrary files, including malicious PH...

This vulnerability allows authenticated attackers to upload malicious ASPX files to Ivanti Endpoint Manager servers, leading to remote code execution....

This is a critical remote code execution vulnerability in Microsoft Devices Pricing Program that allows attackers to execute arbitrary code on affecte...

The Slider Future WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerability ...

The midi-Synth WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing validation in the 'export' AJAX action. This...

Airleader Master versions 6.381 and prior have unrestricted file upload functionality on multiple webpages running with maximum privileges. This allow...

This vulnerability allows attackers to upload malicious files to NTN Smart Panel systems, bypassing access controls. Attackers can execute arbitrary c...

This vulnerability allows unauthenticated attackers to upload arbitrary PHP files to WordPress sites using the WPvivid Backup & Migration plugin, lead...

FUXA v1.2.7 has an unauthenticated file upload vulnerability in the /api/upload endpoint that allows remote attackers to upload arbitrary files. This ...

MediaCrush versions through 1.0.1 contain an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files of...

A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without proper authentication, leading to stored cross-site scriptin...

Computer Book Store 1.0 contains an unrestricted file upload vulnerability in admin_add.php that allows attackers to upload malicious files. This can ...

CVE-2025-69565 is an unrestricted file upload vulnerability in code-projects Mobile Shop Management System 1.0 that allows attackers to upload malicio...

The Kalrav AI Agent WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerabilit...

This vulnerability allows unauthenticated attackers to upload malicious PHP files disguised as images to the Modern Image Gallery App v1.0. Successful...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the vulnerable g-FFL Checkout plugin...

This vulnerability allows attackers to upload arbitrary files, including web shells, to web servers running the Farost Energia WordPress theme. Attack...

MeetingHub software from HAMASTAR Technology contains an unauthenticated arbitrary file upload vulnerability that allows remote attackers to upload ma...

CVE-2025-14894 is an unauthenticated remote code execution vulnerability in Livewire Filemanager for Laravel applications. Attackers can upload malici...

The Police Statistics Database System developed by Gotac contains an arbitrary file upload vulnerability that allows unauthenticated remote attackers ...

This CVE describes a critical file upload vulnerability in Omnispace Agora Project that allows attackers to execute arbitrary code through the Imagick...

CVE-2021-47819 is a critical file upload vulnerability in ProjeQtOr Project Management software that allows guest users to upload malicious PHP files ...

CVE-2021-47753 is an unauthenticated file upload vulnerability in phpKF CMS that allows remote attackers to upload malicious PHP files disguised as PN...

An arbitrary file upload vulnerability in Hubert Hub v2.0 allows attackers to upload malicious PDF files to execute arbitrary code on affected systems...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Corpkit theme. It affects all Wo...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the ContentStudio plugin. Attackers ...

CVE-2024-27480 is an insecure file upload vulnerability in VvvebJs 1.7.2 that allows attackers to upload malicious files without proper validation. Th...

VvvebJs 1.7.2 contains an unrestricted file upload vulnerability in save.php that allows attackers to upload arbitrary files, including malicious scri...

A file upload vulnerability in MachSol MachPanel 8.0.32 allows attackers to upload malicious files and gain webshell access. This affects organization...

CVE-2025-15228 is a critical arbitrary file upload vulnerability in WELLTEND TECHNOLOGY's BPMFlowWebkit software. Unauthenticated remote attackers can...

WMPro software from Sunnet contains an unauthenticated arbitrary file upload vulnerability that allows remote attackers to upload malicious files (lik...

CVE-2023-53980 is a critical remote code execution vulnerability in ProjectSend r1605 that allows attackers to upload malicious files with disguised e...

The File Uploader for WooCommerce WordPress plugin allows unauthenticated attackers to upload arbitrary files to the Uploadcare service, which can the...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Contact Form 7 PDF, Google Sheet & Database plugin. Attacke...

SitemagicCMS 4.4.3 contains an unrestricted file upload vulnerability that allows attackers to upload malicious PHP files, leading to remote code exec...

CVE-2023-53922 is a critical remote code execution vulnerability in TinyWebGallery v2.5 that allows unauthenticated attackers to upload malicious PHP ...

Soosyze 2.0.0 contains an unrestricted file upload vulnerability that allows attackers to upload HTML files containing PHP code. This enables remote c...