Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE	CVE	VULNERABILITY TITLE	RISK
2025-05-12	CVE-2025-4556	The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. network low complexity CWE-434 critical	9.8
2025-05-09	CVE-2025-4403	The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user-supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. network low complexity CWE-434 critical	9.8
2025-05-09	CVE-2024-11617	The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in all versions up to, and including, 1.0. network low complexity CWE-434 critical	9.8
2025-05-09	CVE-2025-3455	The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. network low complexity CWE-434	8.8
2025-05-09	CVE-2025-4468	Unrestricted Upload of File with Dangerous Type vulnerability in Senior-Walter Online Student Clearance System 1.0 A vulnerability was found in SourceCodester Online Student Clearance System 1.0. network low complexity senior-walter CWE-434 critical	9.8
2025-05-07	CVE-2025-47549	Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Ultimate Before After Image Slider & Gallery Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10. network low complexity themefic CWE-434	7.2
2025-05-07	CVE-2025-47550	Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through 3.3.16. network low complexity themefic CWE-434	7.2
2025-05-06	CVE-2025-0984	Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection.This issue affects E-Flow: before 3.23.00. network low complexity CWE-434	8.2
2025-05-06	CVE-2025-40625	Unrestricted Upload of File with Dangerous Type vulnerability in Tcman GIM 11.0 Unrestricted file upload in TCMAN's GIM v11. network low complexity tcman CWE-434 critical	9.8
2025-05-06	CVE-2025-4310	Unrestricted Upload of File with Dangerous Type vulnerability in Emiloi Content Management System 1.0 A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. network low complexity emiloi CWE-434	6.3