CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47559 | WordPress MapSVG plugin < 8.7.4 - Arbitrary File Upload vulnerability — MapSVG | 9.9 | Critical | 2025-06-17 |
| CVE-2025-47452 | WordPress WP VR plugin <= 8.5.26 - Arbitrary File Upload Vulnerability — WP VR | 9.9 | Critical | 2025-06-17 |
| CVE-2025-49444 | WordPress Reformer for Elementor plugin <= 1.0.5 - Arbitrary File Upload Vulnerability — Reformer for Elementor | 10.0 | Critical | 2025-06-17 |
| CVE-2025-49447 | WordPress FW Food Menu plugin <= 6.0.0 - Arbitrary File Upload Vulnerability — FW Food Menu | 10.0 | Critical | 2025-06-17 |
| CVE-2025-3515 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks — Drag and Drop Multiple File Upload for Contact Form 7 | 8.1 | High | 2025-06-17 |
| CVE-2025-6161 | SourceCodester Simple Food Ordering System editproduct.php unrestricted upload — Simple Food Ordering System | 7.3 | High | 2025-06-17 |
| CVE-2025-3234 | File Manager Pro – Filester <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload — File Manager Pro – Filester | 7.2 | High | 2025-06-14 |
| CVE-2025-5012 | Workreap <= 3.3.2 - Authenticated (Subscriber+) Arbitrary File Upload via 'workreap_temp_upload_to_media' — Workreap | 8.8 | High | 2025-06-12 |
| CVE-2025-6002 | VirtueMart - Unrestricted File Upload — VirtueMart | 7.2 | High | 2025-06-11 |
| CVE-2025-5395 | WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload — WordPress Automatic Plugin | 8.8 | High | 2025-06-11 |
| CVE-2025-4387 | Abandoned Cart Pro for WooCommerce <= 9.16.0 - Authenticated (Subscriber+) Arbitrary File Upload — Abandoned Cart Pro for WooCommerce | 8.8 | High | 2025-06-10 |
| CVE-2025-32291 | WordPress SUMO Affiliates Pro plugin < 11.1.0 - Arbitrary File Upload vulnerability — SUMO Affiliates Pro | 10.0 | Critical | 2025-06-09 |
| CVE-2025-5873 | eCharge Hardy Barth Salia PLCC Web UI firmware.php unrestricted upload — Salia PLCC | 6.3 | Medium | 2025-06-09 |
| CVE-2025-3835 | Remote Code Execution — Exchange Reporter Plus | 9.6 | Critical | 2025-06-09 |
| CVE-2025-5840 | SourceCodester Client Database Management System user_update_customer_order.php unrestricted upload — Client Database Management System | 7.3 | High | 2025-06-07 |
| CVE-2025-49329 | WordPress Store Locator WordPress plugin <= 1.5.2 - Arbitrary File Upload Vulnerability — Store Locator WordPress | 6.6 | Medium | 2025-06-06 |
| CVE-2025-48782 | Soar Cloud HRD Human Resource Management System - Unrestricted Upload of File with Dangerous Type — HRD Human Resource Management System | 9.8 AI | Critical AI | 2025-06-06 |
| CVE-2025-5728 | SourceCodester Open Source Clinic Management System manage_website.php unrestricted upload — Open Source Clinic Management System | 6.3 | Medium | 2025-06-06 |
| CVE-2025-3054 | WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload — WP User Frontend Pro | 8.8 | High | 2025-06-05 |
| CVE-2025-48953 | Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads — Umbraco-CMS | 5.5 | Medium | 2025-06-03 |
| CVE-2025-1725 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads — File Manager | 6.4 | Medium | 2025-06-03 |
| CVE-2024-7074 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution — WSO2 Enterprise Integrator | 6.8 | Medium | 2025-06-02 |
| CVE-2025-5406 | chaitak-gorai Blogbook posts.php unrestricted upload — Blogbook | 6.3 | Medium | 2025-06-01 |
| CVE-2025-48889 | Gradio Allows Unauthorized File Copy via Path Manipulation — gradio | 5.3 | Medium | 2025-05-30 |
| CVE-2025-48471 | FreeScout Vulnerable to Arbitrary File Upload — freescout | 8.8 AI | High AI | 2025-05-29 |
| CVE-2025-5299 | SourceCodester Client Database Management System user_order_customer_update.php unrestricted upload — Client Database Management System | 7.3 | High | 2025-05-28 |
| CVE-2025-4800 | MasterStudy LMS Pro <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload — MasterStudy LMS Pro | 8.8 | High | 2025-05-28 |
| CVE-2025-5178 | Realce Tecnologia Queue Ticket Kiosk Image File ajax.php unrestricted upload — Queue Ticket Kiosk | 6.3 | Medium | 2025-05-26 |
| CVE-2025-5171 | llisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted upload — MTA Maita Training System | 6.3 | Medium | 2025-05-26 |
| CVE-2025-5162 | H3C SecCenter SMP-E1114P02 importFile unrestricted upload — SecCenter SMP-E1114P02 | 6.3 | Medium | 2025-05-26 |

Vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) account for 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.