Critical
CVSS: 9.8
The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ced_rnx_order_exchange_attach_file…
Medium
CVSS: 6.3
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
This vulnerability is due to improper validation of…
Unknown
CVSS: -
Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server.This issue affects Groundhogg: from n/a through
Unknown
CVSS: -
Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce medical-prescription-attachment-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affec…
Critical
CVSS: 9.8
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_file_upload function in all versions up to…
Medium
CVSS: 4.3
The timelineofficial/Time-Line- repository contains the source code for the TIME LINE website. A vulnerability was found in the TIME LINE website where uploaded files (instruction/message media) are not strictly validated for type and size.…
Critical
CVSS: 9.8
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.…
Critical
CVSS: 9.8
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This…
High
CVSS: 8.8
The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_submit_upload_file() function in all versions up to, and including, 2.3.5. This makes it possible for a…
Critical
CVSS: 9.8
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_booking_type' route in all versions up to, and including, 1.0.4. This ma…
High
CVSS: 8.8
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_image_upload() function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attack…
High
CVSS: 8.6
An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to improper handling of uploaded plugin archives. An attacker with administrative privileges can upload a malicious .tar plugin file containing arb…
Medium
CVSS: 6.8
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into…
Medium
CVSS: 5.3
A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal…
Critical
CVSS: 9.8
Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication…
Unknown
CVSS: -
Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Using Malicious Files.This issue affects FW Gallery: from n/a through
Unknown
CVSS: -
Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through
Unknown
CVSS: -
Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through
High
CVSS: 7.2
The Download Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dpwap_plugin_locInstall function in all versions up to, and including, 2.2.8. This makes it possible for authenticat…
High
CVSS: 7.2
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the do_updatecar and createcar functions in all versions up to, and including, 1.4.3. This makes…