Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-12 | CVE-2025-4556 | The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | network, low complexity, CWE-434, critical, 9.8 |
| 2025-05-09 | CVE-2025-4403 | The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user-supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. | network, low complexity, CWE-434, critical, 9.8 |
| 2025-05-09 | CVE-2024-11617 | The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in all versions up to, and including, 1.0. | network, low complexity, CWE-434, critical, 9.8 |
| 2025-05-09 | CVE-2025-3455 | The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. | network, low complexity, CWE-434, 8.8 |
| 2025-05-09 | CVE-2025-4468 | Unrestricted Upload of File with Dangerous Type vulnerability in Senior-Walter Online Student Clearance System 1.0. A vulnerability was found in SourceCodester Online Student Clearance System 1.0. | network, low complexity, senior-walter, CWE-434, critical, 9.8 |
| 2025-05-07 | CVE-2025-47549 | Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Ultimate Before After Image Slider & Gallery. Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10. | network, low complexity, themefic, CWE-434, 7.2 |
| 2025-05-07 | CVE-2025-47550 | Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio. Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through 3.3.16. | network, low complexity, themefic, CWE-434, 7.2 |
| 2025-05-06 | CVE-2025-0984 | Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection. This issue affects E-Flow: before 3.23.00. | network, low complexity, CWE-434, 8.2 |
| 2025-05-06 | CVE-2025-40625 | Unrestricted Upload of File with Dangerous Type vulnerability in Tcman GIM 11.0. Unrestricted file upload in TCMAN's GIM v11. | network, low complexity, tcman, CWE-434, critical, 9.8 |
| 2025-05-06 | CVE-2025-4310 | Unrestricted Upload of File with Dangerous Type vulnerability in Emiloi Content Management System 1.0. A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. | network, low complexity, emiloi, CWE-434, 6.3 |