2024-10-05 | CVE-2024-9417 | The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. | 6.1 |
2024-10-05 | CVE-2024-8743 | The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. | 6.8 |
2024-10-04 | CVE-2024-37868 | Unrestricted Upload of File with Dangerous Type vulnerability in Emiloimagtolis Online Discussion Forum 1.0. File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$_FILES" variable. | 8.8 |
2024-10-04 | CVE-2024-37869 | Unrestricted Upload of File with Dangerous Type vulnerability in Emiloimagtolis Online Discussion Forum 1.0. File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$_FILES" variable. | 8.8 |
2024-10-04 | CVE-2024-47655 | Unrestricted Upload of File with Dangerous Type vulnerability in Shilpisoft Client Dashboard. This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. | 8.8 |
2024-10-02 | CVE-2024-7855 | The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. | 8.8 |
2024-10-01 | CVE-2024-9108 | The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and including, 1.3.0. (network, low complexity, CWE-434, critical) | 9.8 |
2024-09-27 | CVE-2024-9280 | Unrestricted Upload of File with Dangerous Type vulnerability in Kvf-Admin Project Kvf-Admin 20220212. A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. | 9.8 |
2024-09-26 | CVE-2024-8126 | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager. The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. | 8.8 |
2024-09-26 | CVE-2024-8725 | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager. Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. | 5.4 |