Page 2 of 1006 results (0.003 seconds)

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

12 Jun 2025 — The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 8.5.26. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wpvr/vulnerability/wordpress-wp-vr-8-5-26-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

12 Jun 2025 — The MapSVG plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 8.5.32. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/mapsvg/vulnerability/wordpress-mapsvg-plugin-8-5-32-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

12 Jun 2025 — The FW Food Menu – Responsive food menu with ordering & delivery solutions plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/fw-food-menu/vulnerability/wordpress-fw-food-menu-6-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. El complemento Workreap para <... • https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454#item-description__release-3-3-3-06-june-2025 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.7.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/ova-events-manager/vulnerability/wordpress-ovatheme-events-manager-plugin-1-7-5-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — The flozen-theme theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 1.5.1 (exclusive). This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/theme/flozen-theme/vulnerability/wordpress-flozen-1-5-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

11 Jun 2025 — The ReFormer – Multichannel Contact Form for Elementor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/reformer-elementor/vulnerability/wordpress-reformer-for-elementor-1-0-5-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

10 Jun 2025 — The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server The Axle Demo Importer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected ... • https://wpscan.com/vulnerability/673f35ff-e1d5-4099-86e7-8b6e3e410ef8 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

10 Jun 2025 — The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to d... • https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215 • CWE-36: Absolute Path Traversal •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

10 Jun 2025 — The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/wordpress-automatic-plugin/1904470#item-description__changelog • CWE-434: Unrestricted Upload of File with Dangerous Type •