CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018

2018 vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-48777	WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability — Elementor Website Builder	9.9	Critical	2024-03-26
CVE-2023-48275	WordPress Widgets for Google Reviews plugin <= 11.0.2 - Arbitrary File Upload vulnerability — Widgets for Google Reviews	8.0	High	2024-03-26
CVE-2023-39307	WordPress Avada theme <= 7.11.1 - Authenticated Arbitrary File Upload vulnerability — Avada	8.5	High	2024-03-26
CVE-2023-38388	WordPress Jupiter X Core plugin <= 3.3.5 - Unauth. Arbitrary File Upload vulnerability — JupiterX Core	9.0	Critical	2024-03-26
CVE-2023-47873	WordPress WP Child Theme Generator plugin <= 1.0.9 - Arbitrary File Upload vulnerability — WP Child Theme Generator	9.1	Critical	2024-03-26
CVE-2023-47846	WordPress WP Githuber MD plugin <= 1.16.2 - Arbitrary File Upload vulnerability — WP Githuber MD	9.1	Critical	2024-03-26
CVE-2023-47842	WordPress CataBlog plugin <= 1.7.0 - Arbitrary File Upload vulnerability — CataBlog	9.1	Critical	2024-03-26
CVE-2023-29386	WordPress Manager for Icomoon plugin <= 2.0 - Arbitrary File Upload vulnerability — Manager for Icomoon	9.1	Critical	2024-03-26
CVE-2023-27440	WordPress Toolset Types plugin <= 3.4.17 - Authenticated Arbitrary File Upload Vulnerability — Types	7.2	High	2024-03-26
CVE-2023-23656	WordPress MainWP File Uploader Extension Plugin <= 4.1 - Unauthenticated Arbitrary File Upload Vulnerability — MainWP File Uploader Extension	10.0	Critical	2024-03-26
CVE-2023-6091	WordPress Theme Editor plugin <= 2.7.1 - Arbitrary File Upload vulnerability — Theme Editor	7.2	High	2024-03-26
CVE-2024-30231	WordPress Product Import Export for WooCommerce plugin <= 2.4.1 - Arbitrary File Upload vulnerability — Product Import Export for WooCommerce	9.1	Critical	2024-03-26
CVE-2024-28105	phpMyFAQ's File Upload Bypass at Category Image Leads to RCE — phpMyFAQ	7.2	High	2024-03-25
CVE-2020-36825	cyberaz0r WebRAT api.php download_file unrestricted upload — WebRAT	6.3	Medium	2024-03-24
CVE-2024-2849	SourceCodester Simple File Manager unrestricted upload — Simple File Manager	6.3	Medium	2024-03-23
CVE-2024-27964	WordPress Zippy plugin <= 1.6.9 - Arbitrary File Upload vulnerability — Zippy	8.8	High	2024-03-21
CVE-2024-2754	SourceCodester Complete E-Commerce Site users_photo.php unrestricted upload — Complete E-Commerce Site	4.7	Medium	2024-03-21
CVE-2024-2690	SourceCodester Online Discussion Forum Site uupdate.php unrestricted upload — Online Discussion Forum Site	6.3	Medium	2024-03-20
CVE-2024-1205	Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring <= 1.2.2 - Authenticated (Subscriber+) Arbitrary File Upload — Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring	8.8	High	2024-03-20
CVE-2024-29135	WordPress Tourfic plugin <= 2.11.15 - Arbitrary File Upload vulnerability — Tourfic	8.8^AI	High^AI	2024-03-19
CVE-2024-2636	Multiple vulnerabilities on Meta4 HR from Cegid — Meta4 HR	9.0	Critical	2024-03-19
CVE-2024-2604	SourceCodester File Manager App update-file.php unrestricted upload — File Manager App	6.3	Medium	2024-03-18
CVE-2024-2599	Unrestricted Upload of File with Dangerous Type vulnerability in AMSS++ — AMSS++	9.9	Critical	2024-03-18
CVE-2024-27957	WordPress Pie Register plugin <= 3.8.3.1 - Unauthenticated Arbitrary File Upload vulnerability — Pie Register	10.0	Critical	2024-03-17
CVE-2024-2565	PandaXGO PandaX File Extension upload.go unrestricted upload — PandaX	6.3	Medium	2024-03-17
CVE-2024-2561	74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload — 74CMS	6.3	Medium	2024-03-17
CVE-2024-2531	MAGESH-K21 Online-College-Event-Hall-Reservation-System update-rooms.php unrestricted upload — Online-College-Event-Hall-Reservation-System	6.3	Medium	2024-03-16
CVE-2024-2529	MAGESH-K21 Online-College-Event-Hall-Reservation-System rooms.php unrestricted upload — Online-College-Event-Hall-Reservation-System	6.3	Medium	2024-03-16
CVE-2024-0800	Authentication Bypass via wizardLogin in Arcserve Unified Data Protection — Unified Data Protection	8.8	High	2024-03-13
CVE-2024-1311	Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Arbitrary File Upload — Brizy – Page Builder	8.8	High	2024-03-13

Vulnerabilities classified as CWE-434 (危险类型文件的不加限制上传) represent 2018 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-434 (危险类型文件的不加限制上传) — Vulnerability Class 2018