The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. Th
The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Cpiwm_Import_Controller::import function in all versions up to, and incl
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_new_customer' route in all versi
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and inclu
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to,
The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to,
The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.42. This is due to
The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WP_FOFT_Loader_Mimes::file_and_ext' function in all versions up to, and in
The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_checkout() function in all versions up to, and including, 1.
The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin rely
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function
The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthent
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.
The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 1.1.9. Thi
The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'external_image_replace_get_posts::replace_post' function in all vers
The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migr
The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and includin
The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalrav_upload_file AJAX action in all versions up to, and including, 2.3.3.
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validati
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validati