| 2025-02-17 | CVE-2025-1388 | Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells | 8.8 |
| 2025-02-16 | CVE-2025-1355 | Unrestricted Upload of File with Dangerous Type vulnerability in Needyamin Library Card System 1.0
A vulnerability was found in needyamin Library Card System 1.0. | 9.8 |
| 2025-02-12 | CVE-2024-10960 | Unrestricted Upload of File with Dangerous Type vulnerability in Brizy
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. | 8.8 |
| 2025-02-12 | CVE-2024-13714 | The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_get_image_by_url' function in all versions up to, and including, 1.0.4. | 8.8 |
| 2025-02-11 | CVE-2024-13544 | Unrestricted Upload of File with Dangerous Type vulnerability in Amini7 Zarinpal Paid Download
The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | 4.8 |
| 2025-02-10 | CVE-2024-13011 | The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. network low complexity CWE-434 critical | 9.8 |
| 2025-02-06 | CVE-2024-57668 | Unrestricted Upload of File with Dangerous Type vulnerability in Fabianros Shopping Portal 1.0
In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability. | 8.8 |
| 2025-02-05 | CVE-2025-1028 | The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. | 8.1 |
| 2025-01-28 | CVE-2024-13448 | Unrestricted Upload of File with Dangerous Type vulnerability in Themerex Addons
The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. | 9.8 |
| 2025-01-27 | CVE-2025-0722 | Unrestricted Upload of File with Dangerous Type vulnerability in Needyamin Image Gallery Management System 1.0
A vulnerability classified as critical was found in needyamin image_gallery 1.0. | 7.2 |