VYPR

CWE-434

Unrestricted Upload of File with Dangerous Type

BaseDraftLikelihood: Medium

Description

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-1

CVEs mapped to this weakness (1,669)

page 28 of 84
  • CVE-2025-57148CriSep 3, 2025
    risk 0.59cvss 9.1epss 0.00

    phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.

  • CVE-2025-54677CriAug 20, 2025
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Using Malicious Files.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a…

  • CVE-2025-54693CriAug 14, 2025
    risk 0.59cvss 9.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server.This issue affects Form Block: from n/a through <= 1.5.5.

  • CVE-2025-48300CriJul 16, 2025
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Adrian Tobey Groundhogg groundhogg allows Upload a Web Shell to a Web Server.This issue affects Groundhogg: from n/a through <= 4.2.1.

  • CVE-2025-28951CriJul 4, 2025
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through <= 1.2.4.

  • CVE-2025-23968CriJul 3, 2025
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in WebFactory AiBud WP aibuddy-openai-chatgpt allows Upload a Web Shell to a Web Server.This issue affects AiBud WP: from n/a through <= 1.9.

  • CVE-2025-53260CriJun 27, 2025
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects File Manager Plugin For Wordpress: from n/a through <= 7.5.

  • CVE-2025-31916CriMay 23, 2025
    risk 0.59cvss 9.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a.

  • CVE-2025-47549CriMay 7, 2025
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server.This issue affects BEAF: from n/a through <= 4.6.10.

  • CVE-2025-39436CriApr 17, 2025
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw idraw allows Using Malicious Files.This issue affects I Draw: from n/a through <= 1.0.

  • CVE-2025-39557CriApr 16, 2025
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.14.

  • CVE-2025-32206CriApr 10, 2025
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects processing-projects allows Upload a Web Shell to a Web Server.This issue affects Processing Projects: from n/a through <= 1.0.2.

  • CVE-2025-32202CriApr 10, 2025
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress insert-or-embed-articulate-content-into-wordpress allows Upload a Web Shell to a Web Server.This issue affects Insert or Embed…

  • CVE-2025-31002CriApr 9, 2025
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze squeeze allows Using Malicious Files.This issue affects Squeeze: from n/a through <= 1.6.

  • CVE-2025-32118CriApr 4, 2025
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files.This issue affects CMP – Coming Soon & Maintenance: from n/a through <= 4.1.14.

  • CVE-2025-2749HigKEVMar 24, 2025
    risk 0.59cvss 7.2epss 0.04

    An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to…

  • CVE-2025-24650CriJan 24, 2025
    risk 0.59cvss 9.1epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic allows Upload a Web Shell to a Web Server.This issue affects Tourfic: from n/a through <= 2.15.3.

  • CVE-2025-23921CriJan 22, 2025
    risk 0.59cvss 9.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through <= 1.1.3.

  • CVE-2025-22723CriJan 21, 2025
    risk 0.59cvss 9.1epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Upload a Web Shell to a Web Server.This issue affects Barcode…

  • CVE-2024-51919CriJan 21, 2025
    risk 0.59cvss 9.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3.