The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installs making this ...

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. A critical vulnerability ...

Security researchers at Wordfence detailed a critical security flaw in the MW WP Form plugin, affecting versions 5.0.1 and earlier. The vulnerability allows unauthenticated threat actors to exploit ...

A critical arbitrary file upload vulnerability in Ninja Forms – File Upload Plugin has been identified, exposing thousands of WordPress sites to potential compromise. The issue affects plugin versions ...

A new security vulnerability in the Chaty Pro plugin has been identified, potentially allowing attackers to take over WordPress sites by uploading malicious files. Chaty Pro is a popular WordPress ...

A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc. Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained together to ...

Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on Websites running File Manager, a WordPress plugin with more than 700,000 active ...

The exploit takes advantage of a known file upload vulnerability that was not efficiently patched and can still be exploited in up-to-date versions of Cleo LexiCom, VLTrader and Harmony products.

Organizations using VMware's vCenter Server that haven't yet applied a patch for a recently disclosed arbitrary file upload vulnerability in the management utility (CVE-2021-22005) are at heightened ...