Total
3718 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14641 | 1 Carmelo | 1 Computer Laboratory System | 2025-12-16 | 5.8 MEDIUM | 4.7 MEDIUM |
| A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2022-26645 | 1 Oretnom23 | 1 Banking System | 2025-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. | |||||
| CVE-2025-14530 | 1 Remyandrade | 1 Real Estate Property Listing App | 2025-12-16 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2015-10135 | 1 Eoxia | 1 Wpshop 2 | 2025-12-16 | N/A | 9.8 CRITICAL |
| The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | |||||
| CVE-2016-15043 | 1 Wp Mobile Detector Project | 1 Wp Mobile Detector | 2025-12-16 | N/A | 9.8 CRITICAL |
| The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | |||||
| CVE-2015-10138 | 1 Lynton Reed | 1 Work The Flow File Upload | 2025-12-16 | N/A | 9.8 CRITICAL |
| The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | |||||
| CVE-2012-10020 | 1 Webmovementllc | 1 Foxypress | 2025-12-16 | N/A | 9.8 CRITICAL |
| The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to, and including, 0.4.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | |||||
| CVE-2015-10137 | 1 Najeebmedia | 1 Website Contact Form With File Upload | 2025-12-16 | N/A | 9.8 CRITICAL |
| The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_file()' function in versions up to, and including, 1.3.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | |||||
| CVE-2024-58283 | 1 Wbce | 1 Wbce Cms | 2025-12-16 | N/A | 8.8 HIGH |
| WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter. | |||||
| CVE-2015-10144 | 1 I13websolution | 1 Thumbnail Carousel Slider | 2025-12-16 | N/A | 8.8 HIGH |
| The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server using a double extension, which may make remote code execution possible. | |||||
| CVE-2023-53869 | | | 2025-12-16 | N/A | N/A |
| WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server. | |||||
| CVE-2025-13094 | | | 2025-12-15 | N/A | 8.8 HIGH |
| The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_import_file() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2025-34506 | 1 Wbce | 1 Wbce Cms | 2025-12-15 | N/A | 8.8 HIGH |
| WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed. | |||||
| CVE-2025-13646 | 1 Wpchill | 1 Modula Image Gallery | 2025-12-15 | N/A | 7.5 HIGH |
| The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files with race condition on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-12853 | 1 Wpchill | 1 Modula Image Gallery | 2025-12-15 | N/A | 8.8 HIGH |
| The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2018-4063 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2025-12-15 | 9.0 HIGH | 8.8 HIGH |
| An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2024-56050 | 1 Vibethemes | 1 Wordpress Learning Management System | 2025-12-12 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a before 1.9.9.5.3. | |||||
| CVE-2024-56052 | 1 Vibethemes | 1 Wordpress Learning Management System | 2025-12-12 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a before 1.9.9.5.2. | |||||
| CVE-2024-56054 | 1 Vibethemes | 1 Wordpress Learning Management System | 2025-12-12 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a before 1.9.9.5.2. | |||||
| CVE-2024-56057 | 1 Vibethemes | 1 Wordpress Learning Management System | 2025-12-12 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a before 1.9.9.5.2. | |||||
