Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress file upload project wordpress file upload vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2022-0863
The WP SVG Icons WordPress plugin up to and including 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.
Wp Svg Icons Project Wp Svg Icons
NA
CVE-2016-15033
The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated malicious users to upload arbitra...
Delete All Comments Project Delete All Comments
NA
CVE-2023-6316
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated malicious users to upload arbit...
Mw Wp Form Project Mw Wp Form
578
VMScore
CVE-2021-24663
The Simple Schools Staff Directory WordPress plugin up to and including 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE
Simple Schools Staff Directory Project Simple Schools Staff Directory
605
VMScore
CVE-2019-14216
An issue exists in the svg-vector-icon-plugin (aka WP SVG Icons) plugin up to and including 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.
Wp Svg Icons Project Wp Svg Icons
383
VMScore
CVE-2021-24642
The Scroll Baner WordPress plugin up to and including 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow malicious users to make logged in admin change them and could lead to RCE (via a fi...
Scroll Banner Project Scroll Banner
578
VMScore
CVE-2021-24254
The College publisher Import WordPress plugin up to and including 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a C...
College Publisher Import Project College Publisher Import
606
VMScore
CVE-2021-24620
The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin up to and including 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSR...
Simple-e-commerce-shopping-cart Project Simple-e-commerce-shopping-cart
NA
CVE-2023-2180
The KIWIZ Invoices Certification & PDF System WordPress plugin up to and including 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated malicious user to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming ...
Kiwiz Invoices Certification & Pdf System Project Kiwiz Invoices Certification & Pdf System
NA
CVE-2011-10004
A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1...
Reciply Project Reciply
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »