Total
4026 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49329 | 2 Vivek Tamrakar, Vivektamrakar | 2 Wp Rest Api Fns, Wp Rest Api Fns | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through <= 1.0.0. | ||||
| CVE-2024-49327 | 1 Asepbagjapriandana | 1 Woostagram Connect | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through <= 1.0.2. | ||||
| CVE-2024-49326 | 1 Vasiliskerasiotis | 1 Affiliator | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through <= 2.1.3. | ||||
| CVE-2024-49324 | 1 Sovratec | 2 Case Management, Sovratec Case Management | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through <= 1.0.0. | ||||
| CVE-2024-49260 | 1 Limb | 1 Limb Image Gallery | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through <= 1.5.7. | ||||
| CVE-2024-49257 | 1 Denis | 1 Azz Anonim Posting | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting azz-anonim-posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through <= 0.9. | ||||
| CVE-2024-48035 | 1 Takayukiimanishi | 1 Acf Images Search And Insert | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in takayukii ACF Images Search And Insert acf-images-search-and-insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through <= 1.1.4. | ||||
| CVE-2024-48034 | 1 Fliperr Team | 1 Creates 3d Flipbook Pdf Flipbook | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in fliperrr Creates 3D Flipbook, PDF Flipbook create-flipbook-from-pdf allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through <= 1.2. | ||||
| CVE-2024-48027 | 1 Xaraartech | 1 External Featured Image From Bing | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing external-featured-image-from-bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through <= 1.0.2. | ||||
| CVE-2024-47649 | 1 Thatplugin | 1 Iconize | 2026-04-23 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize iconize.This issue affects Iconize: from n/a through <= 1.2.4. | ||||
| CVE-2024-47319 | 1 Bitapps | 1 Bit Form | 2026-04-23 | 8 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form bit-form.This issue affects Bit Form: from n/a through <= 2.13.10. | ||||
| CVE-2024-43243 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in themeglow JobBoard Job listing job-board-light allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through <= 1.2.6. | ||||
| CVE-2024-37555 | 1 Zealousweb | 1 Generate Pdf Using Contact Form 7 | 2026-04-23 | 9.6 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7 generate-pdf-using-contact-form-7.This issue affects Generate PDF using Contact Form 7: from n/a through <= 4.1.2. | ||||
| CVE-2024-37228 | 1 Instawp | 1 Instawp Connect | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.38. | ||||
| CVE-2024-32836 | 1 Wplab | 1 Wp-lister Lite For Ebay | 2026-04-23 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.5.11. | ||||
| CVE-2006-6994 | 1 Indirmax.org | 1 Ozzywork Galeri | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks. | ||||
| CVE-2006-5845 | 1 Speedywiki | 1 Speedywiki | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1. | ||||
| CVE-2025-10147 | 2 Podlove, Wordpress | 2 Podlove Podcast Publisher, Wordpress | 2026-04-22 | 9.8 Critical |
| The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-10747 | 1 Wordpress | 1 Wordpress | 2026-04-22 | 7.2 High |
| The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add.php file in all versions up to, and including, 1.68.11. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-11499 | 2 Essekia, Wordpress | 2 Tablesome Table, Wordpress | 2026-04-22 | 9.8 Critical |
| The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image_from_external_url() function in all versions up to, and including, 1.1.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible in configurations where unauthenticated users have been provided with a method for adding featured images, and the workflow trigger is created. | ||||