CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-32579 | WordPress Sync Posts Plugin <= 1.0 - Arbitrary File Upload vulnerability — Sync Posts | 9.9 | Critical | 2025-04-11 |
| CVE-2025-32215 | WordPress Accessibility Suite plugin <= 4.18 - Arbitrary File Upload vulnerability — Accessibility Suite | 6.5 | Medium | 2025-04-10 |
| CVE-2025-32206 | WordPress Processing Projects Plugin <= 1.0.2 - Arbitrary File Upload vulnerability — Processing Projects | 9.1 | Critical | 2025-04-10 |
| CVE-2025-32202 | WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.3000000025 - Arbitrary File Upload vulnerability — Insert or Embed Articulate Content into WordPress | 9.1 | Critical | 2025-04-10 |
| CVE-2025-32140 | WordPress WP Remote Thumbnail Plugin <= 1.3.2 - Arbitrary File Upload vulnerability — WP Remote Thumbnail | 9.9 | Critical | 2025-04-10 |
| CVE-2025-31002 | WordPress Squeeze plugin <= 1.6 - Arbitrary File Upload vulnerability — Squeeze | 9.1 | Critical | 2025-04-09 |
| CVE-2025-32028 | HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution — issues | 10.0 | Critical | 2025-04-08 |
| CVE-2025-3410 | mymagicpower AIAS LocalStorageController.java unrestricted upload — AIAS | 6.3 | Medium | 2025-04-08 |
| CVE-2025-2525 | Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Upload — Streamit | 8.8 | High | 2025-04-08 |
| CVE-2025-3324 | godcheese/code-projects Nimrod FileRestController.java unrestricted upload — Nimrod | 6.3 | Medium | 2025-04-06 |
| CVE-2025-1500 | IBM Maximo Application Suite file upload — Maximo Application Suite | 5.5 | Medium | 2025-04-05 |
| CVE-2025-32118 | WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.14 - Remote Code Execution (RCE) vulnerability — CMP – Coming Soon & Maintenance | 9.1 | Critical | 2025-04-04 |
| CVE-2025-3244 | SourceCodester Web-based Pharmacy Product Management System Create User Page add-admin.php unrestricted upload — Web-based Pharmacy Product Management System | 6.3 | Medium | 2025-04-04 |
| CVE-2025-2780 | Woffice Core <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload — Woffice Core | 8.8 | High | 2025-04-04 |
| CVE-2024-13708 | Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Stored Cross-Site Scripting — Booster for WooCommerce | 7.2 | High | 2025-04-04 |
| CVE-2024-13744 | Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Arbitrary File Upload — Booster for WooCommerce | 8.1 | High | 2025-04-04 |
| CVE-2025-3169 | Projeqtor saveAttachment.php unrestricted upload — Projeqtor | 5.0 | Medium | 2025-04-03 |
| CVE-2025-3123 | WonderCMS Theme Installation/Plugin Installation installUpdateModuleAction unrestricted upload — WonderCMS | 4.7 | Medium | 2025-04-02 |
| CVE-2025-2005 | Front-End-Only-Users <= 3.2.32 - Unauthenticated Arbitrary File Upload — Front End Users | 9.8 | Critical | 2025-04-02 |
| CVE-2025-27692 | Dell Wyse Management Suite code issue vulnerability — Wyse Management Suite Repository | 4.7 | Medium | 2025-04-02 |
| CVE-2025-2891 | WP Pro Real Estate 7 <= 3.5.4 - Authenticated (Custom) Arbitrary File Upload — Real Estate 7 WordPress | 8.8 | High | 2025-04-01 |
| CVE-2025-2008 | Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload — WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | 8.8 | High | 2025-04-01 |
| CVE-2025-3042 | Project Worlds Online Time Table Generator updateprofile.php unrestricted upload — Online Time Table Generator | 6.3 | Medium | 2025-04-01 |
| CVE-2025-3041 | Project Worlds Online Time Table Generator updatestudent.php unrestricted upload — Online Time Table Generator | 6.3 | Medium | 2025-03-31 |
| CVE-2025-3040 | Project Worlds Online Time Table Generator add_student.php unrestricted upload — Online Time Table Generator | 6.3 | Medium | 2025-03-31 |
| CVE-2025-31577 | WordPress Appointify plugin <= 1.0.8 - Arbitrary File Upload vulnerability — Appointify | 6.6 | Medium | 2025-03-31 |
| CVE-2025-2978 | WCMS Article Publishing Page CKEditor unrestricted upload — WCMS | 6.3 | Medium | 2025-03-31 |
| CVE-2025-2973 | code-projects College Management System student.php unrestricted upload — College Management System | 6.3 | Medium | 2025-03-31 |
| CVE-2025-2952 | Bluestar Micro Mall api.php unrestricted upload — Micro Mall | 6.3 | Medium | 2025-03-30 |
| CVE-2025-2249 | SoJ Soundslides <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload — SoJ SoundSlides | 8.8 | High | 2025-03-29 |

2018 CVEs are classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.