Total
4000 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32140 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail wp-remote-thumbnail allows Upload a Web Shell to a Web Server.This issue affects WP Remote Thumbnail: from n/a through <= 1.3.2. | ||||
| CVE-2025-32118 | 2026-04-23 | 9.1 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files.This issue affects CMP – Coming Soon & Maintenance: from n/a through <= 4.1.14. | ||||
| CVE-2025-31916 | 2026-04-23 | 9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium jp-students-result-system-premium allows Upload a Web Shell to a Web Server.This issue affects JP Students Result Management System Premium: from n/a through 1.1.7. | ||||
| CVE-2025-31577 | 2026-04-23 | 6.6 Medium | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in appointify Appointify appointify allows Upload a Web Shell to a Web Server.This issue affects Appointify: from n/a through <= 1.0.8. | ||||
| CVE-2025-31100 | 2 Mojoomla, Wordpress | 2 School Management, Wordpress | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management school-management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through <= 1.93.1 (02-07-2025). | ||||
| CVE-2025-31048 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through <= 1.1.4. | ||||
| CVE-2025-31002 | 2 Bogdan Bendziukov, Wordpress | 2 Squeeze, Wordpress | 2026-04-23 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze squeeze allows Using Malicious Files.This issue affects Squeeze: from n/a through <= 1.6. | ||||
| CVE-2025-30996 | 2 Themify, Wordpress | 10 Bloggie, Edmin, Folo and 7 more | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Newsy newsy allows Upload a Web Shell to a Web Server.This issue affects Themify Newsy: from n/a through <= 1.9.9. | ||||
| CVE-2026-40487 | 2 Gitroom, Gitroomhq | 2 Postiz, Postiz-app | 2026-04-23 | 8.9 High |
| Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing the `Content-Type` header. The uploaded files are then served by nginx with a Content-Type derived from their original extension (`text/html`, `image/svg+xml`), enabling Stored Cross-Site Scripting (XSS) in the context of the application's origin. This can lead to session riding, account takeover, and full compromise of other users' accounts. Version 2.21.6 contains a fix. | ||||
| CVE-2025-30933 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through <= 1.1.6. | ||||
| CVE-2025-29009 | 2026-04-23 | 10 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce medical-prescription-attachment-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through <= 1.2.3. | ||||
| CVE-2025-28951 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Upload a Web Shell to a Web Server.This issue affects Bulk Featured Image: from n/a through <= 1.2.4. | ||||
| CVE-2025-28915 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit themeegg-toolkit allows Upload a Web Shell to a Web Server.This issue affects ThemeEgg ToolKit: from n/a through <= 1.2.9. | ||||
| CVE-2025-27282 | 2026-04-23 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator theme-file-duplicator allows Using Malicious Files.This issue affects Theme File Duplicator: from n/a through <= 1.3. | ||||
| CVE-2025-26927 | 2 Epc, Wordpress | 2 Ai Hub Plugin, Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through <= 1.3.7. | ||||
| CVE-2025-26892 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura celestial-aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through <= 2.2. | ||||
| CVE-2025-26872 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius eximius allows Using Malicious Files.This issue affects Eximius: from n/a through <= 2.2. | ||||
| CVE-2025-26776 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro chaty-pro allows Upload a Web Shell to a Web Server.This issue affects Chaty Pro: from n/a through <= 3.3.3. | ||||
| CVE-2025-24775 | 2 Madeit, Wordpress | 2 Forms, Wordpress | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through <= 2.9.0. | ||||
| CVE-2025-24650 | 1 Themefic | 1 Tourfic | 2026-04-23 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic allows Upload a Web Shell to a Web Server.This issue affects Tourfic: from n/a through <= 2.15.3. | ||||