| CVE-2026-5364 | Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass | addonsorg | Drag and Drop File Upload for Contact Form 7 | High | 8.1 | 2026-04-24 05:29:37 | Deep Dive |
| CVE-2026-5718 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | High | 8.1 | 2026-04-17 17:25:55 | Deep Dive |
| CVE-2026-5710 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Limited Arbitrary File Read via mfile Field | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | High | 7.5 | 2026-04-17 17:25:55 | Deep Dive |
| CVE-2016-20052 | Snews CMS 1.7 Unrestricted File Upload via snews_files | Snewscms | Snews CMS upload sheller | Critical | 9.8 | 2026-04-04 13:50:57 | Deep Dive |
| CVE-2026-25328 | WordPress Product File Upload for WooCommerce plugin <= 2.2.4 - Arbitrary File Deletion vulnerability | add-ons.org | Product File Upload for WooCommerce | Medium | 6.8 | 2026-03-25 16:14:41 | Deep Dive |
| CVE-2026-4021 | Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 8.1 | 2026-03-23 23:25:50 | Deep Dive |
| CVE-2026-3459 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | High | 8.1 | 2026-03-05 18:25:46 | Deep Dive |
| CVE-2026-3180 | Contest Gallery <= 28.1.4 - Unauthenticated SQL Injection | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 7.5 | 2026-03-02 17:23:36 | Deep Dive |
| CVE-2025-69379 | WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Deletion vulnerability | vanquish | Upload Files Anywhere | - | - | 2026-02-20 15:46:53 | Deep Dive |
| CVE-2025-69380 | WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Download vulnerability | vanquish | Upload Files Anywhere | - | - | 2026-02-20 15:46:53 | Deep Dive |
| CVE-2026-23803 | WordPress Smart Auto Upload Images plugin <= 1.2.2 - Server Side Request Forgery (SSRF) vulnerability | Burhan Nasir | Smart Auto Upload Images | Medium | 6.4 | 2026-02-19 08:26:50 | Deep Dive |
| CVE-2025-14629 | Alchemist Ajax Upload <= 1.1 - Missing Authorization to Unauthenticated Arbitrary Media File Deletion | tandubhai | Alchemist Ajax Upload | Medium | 5.3 | 2026-01-24 07:26:45 | Deep Dive |
| CVE-2025-14457 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | Low | 3.7 | 2026-01-15 06:45:04 | Deep Dive |
| CVE-2025-14842 | Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.2 - Unauthenticated Limited Arbitrary File Upload | glenwpcoder | Drag and Drop Multiple File Upload for Contact Form 7 | Medium | 6.1 | 2026-01-07 06:36:04 | Deep Dive |
| CVE-2025-62078 | WordPress Easy Upload Files During Checkout plugin <= 3.0.0 - Broken Access Control vulnerability | Fahad Mahmood | Easy Upload Files During Checkout | Medium | 4.3 | 2025-12-31 16:32:01 | Deep Dive |
| CVE-2025-12630 | Upload.am File Hosting VPN < 1.0.1 - Contributor+ Arbitrary Option Disclosure | Unknown | Upload.am | - | - | 2025-12-02 15:57:41 | Deep Dive |
| CVE-2025-12666 | Google Drive upload and download link <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | oscaruh | Google Drive upload and download link | Medium | 6.4 | 2025-11-27 02:26:13 | Deep Dive |
| CVE-2025-12457 | Enable SVG, WebP, and ICO Upload <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploads | ideastocode | Enable SVG, WebP, and ICO Upload | Medium | 6.4 | 2025-11-18 09:27:40 | Deep Dive |
| CVE-2025-13069 | Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass | ideastocode | Enable SVG, WebP, and ICO Upload | High | 8.8 | 2025-11-18 09:27:38 | Deep Dive |
| CVE-2025-4212 | Checkout Files Upload for WooCommerce <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting | wpwham | Checkout Files Upload for WooCommerce | High | 7.2 | 2025-11-18 09:27:36 | Deep Dive |