Weaknesses of type CWE-434

2,804 results
CVE-2024-54370CRITICALWordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.0 - Arbitrary File Upload vulnerabilityEPSS 0.6%CVE-2026-6257CRITICALVvveb CMS < v1.0.8.2 Remote Code Execution via Media ManagementEPSS 0.6%CVE-2024-56975CRITICALInvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_fileEPSS 0.6%CVE-2024-9794MEDIUMCodezips Online Shopping Portal update-image1.php unrestricted uploadEPSS 0.6%CVE-2024-31115CRITICALWordPress Chauffeur Taxi Booking System for WordPress plugin <= 7.2 - Arbitrary File Upload vulnerabilityEPSS 0.6%CVE-2023-34385CRITICALWordPress Export Import Menus Plugin <= 1.8.0 is vulnerable to Arbitrary File UploadEPSS 0.6%CVE-2025-12673CRITICALFlex QR Code Generator <= 1.2.7 - Unauthenticated Arbitrary File UploadEPSS 0.6%CVE-2023-52221CRITICALWordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.5.1 is vulnerable to Arbitrary File UploadEPSS 0.6%CVE-2023-51468CRITICALWordPress Rencontre – Dating Site Plugin <= 3.10.1 is vulnerable to Arbitrary File UploadEPSS 0.6%CVE-2023-51419CRITICALWordPress BERTHA AI Plugin <= 1.11.10.7 is vulnerable to Arbitrary File UploadEPSS 0.6%CVE-2023-49815CRITICALWordPress WappPress plugin <= 5.0.3 - Unauthenticated Arbitrary File Upload vulnerabilityEPSS 0.6%CVE-2024-25925CRITICALWordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File UploadEPSS 0.6%CVE-2026-48283CRITICALColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)EPSS 0.6%CVE-2023-7026MEDIUMLightxun IPTV Gateway web_upload_template.html unrestricted uploadEPSS 0.6%CVE-2024-25913CRITICALWordPress MoveTo Plugin <= 6.2 is vulnerable to Arbitrary File UploadEPSS 0.6%CVE-2026-2550CRITICALEFM iptime A6004MX timepro.cgi commit_vpncli_file_upload unrestricted uploadEPSS 0.6%CVE-2024-11214MEDIUMSourceCodester Best Employee Management System profile.php unrestricted uploadEPSS 0.6%CVE-2023-34126Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileEPSS 0.6%CVE-2023-5637HIGHPlaintext Storage of a Password in ArslanSoft's Education PortalEPSS 0.6%CVE-2025-5831HIGHDroip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.6%