Vulnerabilities > Unrestricted Upload of File with Dangerous Type
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-12 | CVE-2023-33253 | Unrestricted Upload of File with Dangerous Type vulnerability in Agilebio Labcollector 6.0/6.15 LabCollector 6.0 though 6.15 allows remote code execution. | 8.8 |
| 2023-06-07 | CVE-2023-33498 | Unrestricted Upload of File with Dangerous Type vulnerability in Alist Project Alist alist <=3.16.3 is vulnerable to Incorrect Access Control. | 8.8 |
| 2023-06-07 | CVE-2016-15033 | Unrestricted Upload of File with Dangerous Type vulnerability in Delete ALL Comments Project Delete ALL Comments The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. | 9.8 |
| 2023-06-07 | CVE-2019-25138 | Unrestricted Upload of File with Dangerous Type vulnerability in Plugin-Planet User Submitted Posts The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. | 9.8 |
| 2023-06-07 | CVE-2020-36701 | Unrestricted Upload of File with Dangerous Type vulnerability in King-Theme Page Builder King Composer The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. | 8.8 |
| 2023-06-07 | CVE-2021-4354 | Unrestricted Upload of File with Dangerous Type vulnerability in Magazine3 PWA for WP & AMP The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. | 8.8 |
| 2023-06-07 | CVE-2021-4382 | Unrestricted Upload of File with Dangerous Type vulnerability in Recently Project Recently The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. | 8.8 |
| 2023-06-07 | CVE-2022-4949 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. | 8.8 |
| 2023-06-07 | CVE-2023-33601 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPok 6.4.100 An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 |
| 2023-06-06 | CVE-2023-33569 | Unrestricted Upload of File with Dangerous Type vulnerability in Faculty Evaluation System Project Faculty Evaluation System 1.0 Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user. | 7.2 |