Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2024-10-31 CVE-2024-10392 The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89.
network
low complexity
CWE-434
critical
9.8
2024-10-29 CVE-2024-7985 Unrestricted Upload of File with Dangerous Type vulnerability in Fileorganizer
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9.
network
low complexity
fileorganizer CWE-434
8.8
2024-10-28 CVE-2024-50495 Unrestricted Upload of File with Dangerous Type vulnerability in Widgilabs Plugin Propagator 0.1
Unrestricted Upload of File with Dangerous Type vulnerability in WidgiLabs Plugin Propagator allows Upload a Web Shell to a Web Server. This issue affects Plugin Propagator: from n/a through 0.1.
network
low complexity
widgilabs CWE-434
critical
9.8
2024-10-28 CVE-2024-50496 Unrestricted Upload of File with Dangerous Type vulnerability in Webandprint AR
Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through 6.2.
network
low complexity
webandprint CWE-434
critical
10.0
2024-10-28 CVE-2024-50623 Unrestricted Upload of File with Dangerous Type vulnerability in Cleo Harmony, Lexicom and Vltrader
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
network
low complexity
cleo CWE-434
critical
9.8
2024-10-27 CVE-2024-10420 Unrestricted Upload of File with Dangerous Type vulnerability in Nurhodelta17 Attendance and Payroll System 1.0
A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0.
network
low complexity
nurhodelta17 CWE-434
critical
9.8
2024-10-27 CVE-2024-10413 Unrestricted Upload of File with Dangerous Type vulnerability in Janobe Online Hotel Reservation System 1.0
A vulnerability, which was classified as critical, has been found in SourceCodester Online Hotel Reservation System 1.0.
network
low complexity
janobe CWE-434
critical
9.8
2024-10-27 CVE-2024-10410 Unrestricted Upload of File with Dangerous Type vulnerability in Janobe Online Hotel Reservation System 1.0
A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0.
network
low complexity
janobe CWE-434
7.2
2024-10-26 CVE-2024-9932 The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0.
network
low complexity
CWE-434
critical
9.8
2024-10-23 CVE-2024-10292 Unrestricted Upload of File with Dangerous Type vulnerability in Zzcms 2023
A vulnerability was found in ZZCMS 2023 and classified as critical.
network
low complexity
zzcms CWE-434
critical
9.8