ReportizFlow
Filtered by vendor Magicform
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9815 | 2 Magicform, Wordpress | 2 Magicform, Wordpress | 2026-06-24 | 6.5 Medium |
| The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server. | ||||
Page 1 of 1.