Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2025-04-02 CVE-2025-2005 The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32.
network
low complexity
CWE-434
critical
9.8
2025-04-01 CVE-2025-2891 The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4.
network
low complexity
CWE-434
8.8
2025-04-01 CVE-2025-2008 The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19.
network
low complexity
CWE-434
8.8
2025-04-01 CVE-2025-3042 A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0.
network
low complexity
CWE-434
6.3
2025-04-01 CVE-2025-3041 A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0.
network
low complexity
CWE-434
6.3
2025-03-31 CVE-2025-3040 A vulnerability was found in Project Worlds Online Time Table Generator 1.0.
network
low complexity
CWE-434
6.3
2025-03-31 CVE-2025-2978 A vulnerability was found in WCMS 11.
network
low complexity
CWE-434
6.3
2025-03-31 CVE-2025-2973 Unrestricted Upload of File with Dangerous Type vulnerability in Code-Projects College Management System 1.0
A vulnerability, which was classified as critical, was found in code-projects College Management System 1.0.
network
low complexity
code-projects CWE-434
critical
9.8
2025-03-30 CVE-2025-2952 Unrestricted Upload of File with Dangerous Type vulnerability in Bluestar Micro Mall 1.0
A vulnerability classified as critical was found in Bluestar Micro Mall 1.0.
network
low complexity
bluestar CWE-434
critical
9.8
2025-03-29 CVE-2025-2249 The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2.
network
low complexity
CWE-434
8.8