CWE-434: Unrestricted File Upload

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using the WooCommerce Refund And Exchange plugin due ...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using the HT Contact Form Widget plugin due to missin...

The AIT CSV import/export WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulner...

This vulnerability allows unauthenticated attackers to rename uploaded PHP files with .png extensions to .php extensions, enabling remote code executi...

The WPBookit WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerability can l...

This vulnerability allows unauthenticated remote attackers to upload arbitrary files to Marvell QConvergeConsole servers, leading to remote code execu...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress servers running vulnerable versions of the Drag and Drop Mu...

This vulnerability in FusionForge's Apache configuration allows remote code execution by enabling attackers to execute arbitrary scripts uploaded to S...

This vulnerability allows remote attackers to upload malicious files to the Soar Cloud HRD Human Resource Management System, which can lead to arbitra...

FreeScout versions before 1.8.179 have an unrestricted file upload vulnerability that allows attackers to upload malicious PHP files (.phtml, .phar ex...

The Crawlomatic WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerability af...

Emlog Pro versions before 2.5.10 contain a critical file upload vulnerability in the store.php component that fails to properly validate remotely down...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using the 百度站长SEO合集 plugin. Attackers can...

The Envolve Plugin for WordPress allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerability af...

Grocery-CMS-PHP-Restful-API v1.3 has an unrestricted file upload vulnerability in the /admin/add-category.php endpoint that allows attackers to upload...

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to upload malicious files that can lead to remote code...

The Smart Product Review WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnera...

The AIHub WordPress theme allows unauthenticated attackers to upload arbitrary files due to missing file type validation in the generate_image functio...

This vulnerability allows attackers to upload arbitrary PHP files to Sourcecodester Online ID Generator System 1.0, leading to remote code execution. ...

The Front End Users WordPress plugin allows unauthenticated attackers to upload arbitrary files through registration forms due to missing file type va...

An arbitrary file upload vulnerability in Mart Developers iBanking v2.0.0 allows authenticated attackers to upload malicious PHP files through the Cli...

This vulnerability allows attackers to read and write arbitrary files on servers running composiohq/composio version 0.4.3 due to improper path valida...

This vulnerability in eosphoros-ai/db-gpt allows attackers to execute arbitrary SQL queries via an unprotected web API endpoint, leading to arbitrary ...

The File Away WordPress plugin allows unauthenticated attackers to upload arbitrary files to affected websites due to missing security checks. This vu...

CVE-2025-2494 allows unrestricted file upload in Softdial Contact Center via the '/softdial/phpconsole/upload.php' endpoint, which is protected only b...

This vulnerability allows attackers to upload malicious SVG or XML files to PublicCMS v4.0.202406, potentially leading to remote code execution. Attac...

FlowiseAI Flowise v2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint that allows attackers to upload malicious...

ShopXO 6.4.0 contains an unrestricted file upload vulnerability in ThemeDataService.php that allows attackers to upload malicious files. This can lead...

An arbitrary file upload vulnerability in Jizhicms v2.5.4 allows attackers to upload malicious Zip files containing PHP code, which can be executed on...

This vulnerability in the Everest Forms WordPress plugin allows unauthenticated attackers to upload, read, and delete arbitrary files on affected serv...

This vulnerability allows unauthenticated attackers to download/upload files and execute API commands on YI Car Dashcam devices. Attackers can disable...

The CleanTalk Security & Malware plugin for WordPress has a critical vulnerability allowing unauthenticated attackers to upload arbitrary files via ZI...

ChestnutCMS versions up to 1.5.0 contain a file upload vulnerability in the Create template function that allows attackers to upload malicious files. ...

The ThemeREX Addons WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerabilit...

The WPBookit WordPress plugin allows unauthenticated attackers to upload arbitrary files due to insufficient file type validation. This vulnerability ...

The WPBot Pro WordPress Chatbot plugin has a critical vulnerability allowing unauthenticated attackers to upload arbitrary files due to missing file t...

CVE-2024-48760 is a critical remote code execution vulnerability in GestioIP v3.5.7 that allows attackers to upload malicious files and overwrite legi...

ClipBucket V5 has a file upload vulnerability in the Manage Playlist functionality that allows attackers to upload PHP script files disguised as playl...

This CVE describes a file upload vulnerability in ChestnutCMS that allows attackers to upload arbitrary files by bypassing extension validation. Attac...

This vulnerability allows unauthenticated attackers to upload arbitrary files to the WukongCRM system via the /adminUser/updateImg endpoint. Successfu...

This vulnerability in Apache Struts allows attackers to manipulate file upload parameters to perform path traversal attacks, potentially leading to re...

Kashipara E-learning Management System v1.0 contains a remote code execution vulnerability in the teacher_avatar.php file upload functionality. Attack...

This vulnerability allows attackers to bypass security restrictions and upload arbitrary files to Joomla websites using the Convert Forms component. A...

DreamMaker from Interinfo has an unauthenticated path traversal vulnerability that allows attackers to upload arbitrary files to any directory. This c...

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using the WPGYM Gym Management System plugin due to m...

This vulnerability allows attackers to upload malicious .conf files to OmegaT's Roaming\Omega directory, leading to arbitrary code execution. It affec...

HkCms versions up to v2.3.2.240702 contain an unrestricted file upload vulnerability in the Upload.php component. Attackers can upload malicious files...

The Backup and Staging by WP Time Capsule WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validat...

The WooCommerce Upload Files plugin for WordPress has a critical vulnerability that allows unauthenticated attackers to upload arbitrary files to the ...

This critical vulnerability in Webopac from Grand Vice info allows unauthenticated remote attackers to upload malicious files and execute arbitrary co...