Tag
#Arbitrary File Upload
Critical Vulnerability in Swiss Toolkit For WP Plugin: Arbitrary File Upload and Potential RCE
The Swiss Toolkit For WP plugin for WordPress, versions up to and including 1.4.6, is vulnerable to arbitrary file upload due to a flawed file type validation bypass. This allows authenticated attackers with Author-level access to upload arbitrary files, potentially leading to remote code execution if the 'Enhanced Multi-Format Image Support' feature is enabled. The vulnerability has a CVSS score of 8.8, indicating high severity. Immediate patching is recommended.
CVE-2026-15158: Critical Arbitrary File Upload Vulnerability in Blocksy Companion Plugin
A critical vulnerability (CVE-2026-15158, CVSS 9.8) exists in the Blocksy Companion plugin for WordPress, allowing unauthenticated attackers to upload executable files, leading to remote code execution. This vulnerability affects the premium version of the plugin (blocksy-companion-pro) when used with specific extensions. Immediate action is required to mitigate this threat.