Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-12 | CVE-2025-2219 | A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. | 7.3 |
| 2025-03-12 | CVE-2025-2216 | A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. | 6.3 |
| 2025-03-08 | CVE-2024-13359 | Unrestricted Upload of File with Dangerous Type vulnerability in Tychesoftwares Product Input Fields for Woocommerce The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function in all versions up to, and including, 1.12.0. | 9.8 |
| 2025-03-08 | CVE-2024-13882 | Unrestricted Upload of File with Dangerous Type vulnerability in Coderevolution Aiomatic The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_generate_featured_image' function in all versions up to, and including, 2.3.8. | 8.8 |
| 2025-03-08 | CVE-2024-13908 | Unrestricted Upload of File with Dangerous Type vulnerability in Bestwebsoft Smtp The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 1.1.9. | 7.2 |
| 2025-03-06 | CVE-2025-2035 | A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0 and classified as critical. | 6.3 |
| 2025-03-04 | CVE-2025-1890 | Unrestricted Upload of File with Dangerous Type vulnerability in Shishuocms Project Shishuocms 1.1 A vulnerability has been found in shishuocms 1.1 and classified as critical. | 9.8 |
| 2025-02-28 | CVE-2024-8425 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpswings Woocommerce Ultimate Gift Card The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.6.0. | 9.8 |
| 2025-02-26 | CVE-2025-0731 | An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. | 6.5 |
| 2025-02-25 | CVE-2025-1128 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpeverest Everest Forms The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVF_Form_Fields_Upload class in all versions up to, and including, 3.0.9.4. | 9.8 |