CWE-434


Unrestricted Upload of File with Dangerous Type

The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.


We have discovered 3,567,171 live websites that are affected by CWE-434.

CVEs

  • Count - 253



Website Distribution by Country

Number of websites affected by CWE-434

  • United States - 875,466 websites
  • Germany - 349,564 websites
  • Italy - 216,597 websites
  • Japan - 203,491 websites
  • France - 195,449 websites
  • GB - 153,255 websites
  • Russia - 137,625 websites
  • Poland - 110,552 websites
  • Netherlands - 109,703 websites
  • Spain - 95,531 websites

Website Distribution by TLD

Number of websites affected by CWE-434

  • .com - 1,425,670 websites
  • .de - 198,498 websites
  • .it - 148,162 websites
  • .org - 143,532 websites
  • .ru - 112,358 websites
  • .nl - 94,833 websites
  • .net - 92,057 websites
  • .co.uk - 91,103 websites
  • .pl - 83,289 websites
  • .fr - 80,304 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-434

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Apr, 2026 | CVE-2026-32931 | Chamilo LMS has Arbitrary File Upload via MIME-Only Validation in Exercise Sound Upload Leads to RCE | 9 |
| Apr, 2026 | CVE-2026-33704 | Chamilo LMS Affected by Authenticated Arbitrary File Write via BigUpload endpoint | 9 |
| Apr, 2026 | CVE-2026-2942 | ProSolution WP Client <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess | 5 |
| Apr, 2026 | CVE-2026-4808 | Gerador de Certificados – DevApps <= 1.3.6 - Authenticated (Administrator+) Arbitrary File Upload | 8 |
| Apr, 2026 | CVE-2026-0740 | Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload | 6,883 |
| Apr, 2026 | CVE-2025-14938 | Listeo-Core - Directory Plugin by Purethemes <= 2.0.27 - Unauthenticated Arbitrary Media Upload | 576 |
| Mar, 2026 | CVE-2026-25099 | Remote Code Execution via Unrestricted File Upload in Bludit | 1,299 |
| Mar, 2026 | CVE-2026-3533 | JupiterX Core <= 4.14.1 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import | 15,800 |
| Mar, 2026 | CVE-2026-27043 | WordPress Photography theme < 7.7.6 - Arbitrary File Upload vulnerability | 73 |
| Mar, 2026 | CVE-2026-27540 | WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Arbitrary File Upload vulnerability | 117 |

List of the most common CVEs that are part of CWE-434

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Apr, 2024 | CVE-2024-31210 | PHP file upload bypass via Plugin installer | 2,052,469 |
| Dec, 2023 | CVE-2023-6449 | Contact Form 7 <= 5.8.3 - Authenticated (Editor+) Arbitrary File Upload | 1,211,745 |
| Dec, 2023 | CVE-2023-47784 | WordPress Slider Revolution Plugin <= 6.6.15 is vulnerable to Arbitrary File Upload | 861,105 |
| Mar, 2024 | CVE-2023-48777 | WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability | 290,688 |
| Dec, 2025 | CVE-2025-13407 | GravityForms < 2.9.23.1 - Unauthenticated Arbitrary File Upload | 190,406 |
| Nov, 2025 | CVE-2025-12974 | Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload | 181,702 |
| Nov, 2025 | CVE-2025-12352 | Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' | 175,657 |
| Jun, 2025 | CVE-2025-4102 | Beaver Builder Plugin (Starter Version) <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload | 92,501 |
| Feb, 2024 | CVE-2024-1468 | Avada \| Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload | 85,386 |
| Mar, 2024 | CVE-2023-39307 | WordPress Avada theme <= 7.11.1 - Authenticated Arbitrary File Upload vulnerability | 79,738 |
