Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Associated Vulnerability
Clear Filters
Found 156 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2024-13799 User Private Files – File Upload & Download Manager with Secure File Sharing <= 2.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting deepakkiteFile Sharing & Download Manager – User Private Files Medium 6.4 2025-02-19 05:22:53 Deep Dive
CVE-2025-22696 WordPress Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents plugin <= 1.1.0 - Broken Access Control vulnerability WPDeveloperDocument Block – Upload & Embed Docs Medium 5.4 2025-02-04 14:21:14 Deep Dive
CVE-2024-12267 Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion glenwpcoderDrag and Drop Multiple File Upload for Contact Form 7 Medium 5.3 2025-01-31 11:11:09 Deep Dive
CVE-2024-13504 Shared Files – Frontend File Upload Form & Secure File Sharing <= 1.7.42 - Limited Unauthenticated Stored Cross-Site Scripting via File Upload anssilaitilaShared Files – Frontend File Upload Form & Secure File Sharing High 7.2 2025-01-31 05:22:35 Deep Dive
CVE-2024-9939 WordPress File Upload <= 4.24.13 - Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php nickbossIptanus File Upload High 7.5 2025-01-08 08:18:17 Deep Dive
CVE-2024-11635 WordPress File Upload <= 4.24.12 - Unuathenticated Remote Code Execution nickbossIptanus File Upload Critical 9.8 2025-01-08 07:18:39 Deep Dive
CVE-2024-11613 WordPress File Upload <= 4.24.15 - Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion nickbossIptanus File Upload Critical 9.8 2025-01-08 06:41:36 Deep Dive
CVE-2024-12719 WordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Path Traversal nickbossIptanus File Upload Medium 4.3 2025-01-07 09:22:15 Deep Dive
CVE-2024-56035 WordPress Upload Scanner plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability Kurt PayneUpload Scanner High 7.1 2025-01-02 09:17:17 Deep Dive
CVE-2024-11103 Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover contest-galleryContest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe Critical 9.8 2024-11-28 09:47:09 Deep Dive
CVE-2024-11203 EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' wpdevteamEmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more Medium 6.4 2024-11-28 08:47:31 Deep Dive
CVE-2024-11091 Support SVG – Upload svg files in wordpress without hassle <= 1.1.0 - Authenticated (Author+) Stored Cross-site Scripting via SVG File Upload sayedulsayemSupport SVG – Upload svg files in wordpress without hassle Medium 6.4 2024-11-26 08:31:55 Deep Dive
CVE-2024-11265 Wp Maximum Upload File Size <= 1.1.3 - Authenticated (Author+) Full Path Disclosure codepopularEasyMedia – Increase Media Upload File Size | Role-Based Upload Limit | Increase Execution Time Medium 4.3 2024-11-23 05:40:12 Deep Dive
CVE-2024-10820 WooCommerce Upload Files <= 84.3 - Unauthenticated Arbitrary File Upload UnknownWooCommerce Upload Files Critical 9.8 2024-11-13 03:20:08 Deep Dive
CVE-2024-10687 Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 24.0.3 - Unauthenticated SQL Injection contest-galleryContest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe Critical 9.8 2024-11-05 09:30:59 Deep Dive
CVE-2024-39639 WordPress File Upload plugin <= 4.24.7 - Broken Access Control + CSRF vulnerability Nickolas BossinasWordPress File Upload Medium 4.3 2024-11-01 14:17:54 Deep Dive
CVE-2024-9708 Easy SVG Upload <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload wpdelowerEasy SVG Upload Medium 6.4 2024-10-31 02:34:23 Deep Dive
CVE-2024-10016 File Upload Types by WPForms <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload jaredatchFile Upload Types by WPForms Medium 6.4 2024-10-25 08:34:40 Deep Dive
CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks dashlabsltdYASR – Yet Another Star Rating Plugin for WordPress Medium 6.3 2024-10-16 06:43:30 Deep Dive
CVE-2024-9891 Multiline files upload for contact form 7 <= 2.8.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation zluckMultiLine Files for Contact Form 7 Medium 4.3 2024-10-16 02:05:06 Deep Dive