Skip to main content

Wpjam Basic

4 CVEs product

Monthly

CVE-2026-57372 HIGH This Week

Server-Side Request Forgery in the WPJAM Basic WordPress plugin (by denishua) affects all versions up to and including 7.0, letting remote attackers coerce the site's server into issuing crafted outbound requests. Because the CVSS scope is marked Changed with low confidentiality and integrity impact, an attacker can reach internal or otherwise-protected services and read back limited responses. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was disclosed through the Patchstack vulnerability database.

SSRF Wpjam Basic
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2026-57371 HIGH This Week

PHP Object Injection in the WPJAM Basic WordPress plugin (denishua) affects all versions up to and including 7.0, allowing an authenticated attacker to inject crafted serialized objects that are deserialized by the plugin. Reported by Patchstack and rated CVSS 8.8, it can lead to high-impact compromise (confidentiality, integrity, and availability) of the WordPress site, though exploitation requires at least low-level authenticated access. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Deserialization Wpjam Basic
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-32523 CRITICAL Act Now

WPJAM Basic, a WordPress plugin, contains an unrestricted file upload vulnerability (CWE-434) that allows attackers to upload malicious files without proper validation. All versions through 6.9.2 are affected, potentially enabling remote code execution or other attacks depending on server configuration. While CVSS and EPSS scores are unavailable, the nature of arbitrary file upload vulnerabilities in WordPress plugins typically carries high real-world risk due to ease of exploitation and severe impact.

File Upload Wpjam Basic
NVD VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2023-23709 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpjam Basic
NVD
CVSS 3.1
5.4
EPSS
0.4%
EPSS 0% CVSS 7.2
HIGH This Week

Server-Side Request Forgery in the WPJAM Basic WordPress plugin (by denishua) affects all versions up to and including 7.0, letting remote attackers coerce the site's server into issuing crafted outbound requests. Because the CVSS scope is marked Changed with low confidentiality and integrity impact, an attacker can reach internal or otherwise-protected services and read back limited responses. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was disclosed through the Patchstack vulnerability database.

SSRF Wpjam Basic
NVD
EPSS 1% CVSS 8.8
HIGH This Week

PHP Object Injection in the WPJAM Basic WordPress plugin (denishua) affects all versions up to and including 7.0, allowing an authenticated attacker to inject crafted serialized objects that are deserialized by the plugin. Reported by Patchstack and rated CVSS 8.8, it can lead to high-impact compromise (confidentiality, integrity, and availability) of the WordPress site, though exploitation requires at least low-level authenticated access. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Deserialization Wpjam Basic
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

WPJAM Basic, a WordPress plugin, contains an unrestricted file upload vulnerability (CWE-434) that allows attackers to upload malicious files without proper validation. All versions through 6.9.2 are affected, potentially enabling remote code execution or other attacks depending on server configuration. While CVSS and EPSS scores are unavailable, the nature of arbitrary file upload vulnerabilities in WordPress plugins typically carries high real-world risk due to ease of exploitation and severe impact.

File Upload Wpjam Basic
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpjam Basic
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy