The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 1.1.9. Thi
The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it po
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all v
The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization a
The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'get_cache_image' function in all versions up to, and including, 1.0.
The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all versions up to, and i
WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitr
The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and inclu
The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type validation detecting JSON files
The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to,
The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. This makes it possible for authenticated a
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible
The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. Thi
The Filr – Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file
The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and fil
The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, a
The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_file()' function in versions up to, and includ
The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. This m
The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dnd_upload_cf7_upload_chunks() functi
The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint i