Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2016-15042 Unrestricted Upload of File with Dangerous Type vulnerability in Najeebmedia Frontend File Manager and Post Front-End Form
The Frontend File Manager (versions < 4.0) and N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions.
network
low complexity
najeebmedia CWE-434
critical
9.8
2024-10-16 CVE-2020-36842 Unrestricted Upload of File with Dangerous Type vulnerability in Wpvivid Migration, Backup, Staging
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted.
network
low complexity
wpvivid CWE-434
8.8
2024-10-16 CVE-2021-4443 The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action.
network
low complexity
CWE-434
critical
9.8
2024-10-16 CVE-2021-4449 Unrestricted Upload of File with Dangerous Type vulnerability in Digitalzoomstudio Zoomsounds
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96.
network
low complexity
digitalzoomstudio CWE-434
critical
9.8
2024-10-16 CVE-2024-8746 Unrestricted Upload of File with Dangerous Type vulnerability in Filemanagerpro File Manager
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' AJAX action in all versions up to, and including, 8.3.9.
network
low complexity
filemanagerpro CWE-434
8.8
2024-10-16 CVE-2024-8918 Unrestricted Upload of File with Dangerous Type vulnerability in Filemanagerpro File Manager
The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9.
network
low complexity
filemanagerpro CWE-434
5.4
2024-10-15 CVE-2024-9975 Unrestricted Upload of File with Dangerous Type vulnerability in Rems Drag and Drop Image Upload 1.0
A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0.
network
low complexity
rems CWE-434
8.8
2024-10-15 CVE-2024-9985 Unrestricted Upload of File with Dangerous Type vulnerability in Ragic Enterprise Cloud Database
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads.
network
low complexity
ragic CWE-434
critical
9.8
2024-10-15 CVE-2024-9981 Unrestricted Upload of File with Dangerous Type vulnerability in Formosasoft Ee-Class
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server.
network
low complexity
formosasoft CWE-434
8.8
2024-10-10 CVE-2024-9815 Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Tourist Management System 1.0
A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical.
network
low complexity
codezips CWE-434
7.2