Vulnerabilities > Unrestricted Upload of File with Dangerous Type

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2024-11-09 | CVE-2024-10547 | | The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. | network | low | | CWE-434 | critical | 9.8 |
| 2024-11-09 | CVE-2024-10627 | | The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. | network | low | | CWE-434 | critical | 9.8 |
| 2024-11-08 | CVE-2024-51152 | Unrestricted Upload of File with Dangerous Type vulnerability in Alexstack Laravel CMS | File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php component. | network | low | alexstack | CWE-434 | | 7.2 |
| 2024-11-08 | CVE-2024-10999 | Unrestricted Upload of File with Dangerous Type vulnerability in Surajkumarvishwakarma Real Estate Management System 1.0 | A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. | network | low | surajkumarvishwakarma | CWE-434 | | 7.2 |
| 2024-11-08 | CVE-2024-11000 | Unrestricted Upload of File with Dangerous Type vulnerability in Surajkumarvishwakarma Real Estate Management System 1.0 | A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. | network | low | surajkumarvishwakarma | CWE-434 | | 7.2 |
| 2024-11-08 | CVE-2024-10993 | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0 | A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. | network | low | codezips | CWE-434 | | 8.8 |
| 2024-11-08 | CVE-2024-10994 | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0 | A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. | network | low | codezips | CWE-434 | | 8.8 |
| 2024-11-06 | CVE-2024-8614 | Unrestricted Upload of File with Dangerous Type vulnerability in Eyecix Jobsearch WP JOB Board | The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. | network | low | eyecix | CWE-434 | | 8.8 |
| 2024-11-06 | CVE-2024-8615 | Unrestricted Upload of File with Dangerous Type vulnerability in Eyecix Jobsearch WP JOB Board | The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. | network | low | eyecix | CWE-434 | critical | 9.8 |
| 2024-11-06 | CVE-2024-9307 | Unrestricted Upload of File with Dangerous Type vulnerability in Themelooks Mfolio | The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. | network | low | themelooks | CWE-434 | | 8.8 |