Skip to main content
CVE-2020-36847 CRITICAL POC PATCH THREAT Act Now

The Simple File List plugin for WordPress through version 4.2.2 contains an unauthenticated remote code execution vulnerability. Attackers can upload PHP files disguised with image extensions and then rename them back to .php using the plugin's built-in rename functionality, bypassing all upload restrictions.

PHP WordPress RCE Simple File List
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
86.1%
Threat
6.0
CVE-2020-36849 CRITICAL POC THREAT Emergency

The AIT CSV Import/Export WordPress plugin through version 3.0.3 allows unauthorized arbitrary file uploads without file type validation. The upload handler in upload-handler.php is accessible without authentication, enabling remote attackers to deploy PHP webshells and achieve code execution on the WordPress server.

PHP WordPress RCE
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
72.2%
Threat
5.6
CVE-2025-6058 CRITICAL POC PATCH THREAT Act Now

The WPBookit WordPress plugin (versions ≤1.0.4) contains a critical arbitrary file upload vulnerability in the image_upload_handle() function due to missing file type validation, allowing unauthenticated attackers to upload malicious files and potentially achieve remote code execution. With a CVSS score of 9.8, network-accessible attack vector, and no authentication requirement, this vulnerability poses an immediate and severe threat to any WordPress installation using the affected plugin.

WordPress RCE Wpbookit PHP
NVD
CVSS 3.1
9.8
EPSS
21.7%
Threat
4.1
CVE-2023-38036 CRITICAL PATCH Act Now

CVE-2023-38036 is a critical unauthenticated buffer overflow vulnerability in Ivanti Avalanche Manager prior to version 6.4.1 that allows remote attackers to cause denial of service or achieve arbitrary code execution without authentication. With a CVSS score of 9.8 and network-based attack vector, this vulnerability has significant real-world exploitability risk and affects all organizations deploying vulnerable Avalanche Manager instances.

RCE Buffer Overflow Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy