← Back

Website Contact Form With File Upload

website_contact_form_with_file_upload

Vendor: Najeebmedia • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-10137
1Najeebmedia
1Website Contact Form With File Upload
Dec 16, 2025
Jul 22, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_file()' function in versions up to, and including, 1.3.4. This mak...Show more
The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_file()' function in versions up to, and including, 1.3.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.Show less