CWE-434


Unrestricted Upload of File with Dangerous Type

The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.


We have discovered 3,995,933 live websites that are affected by CWE-434.


CVEs

  • Count - 171



CWE-434 usage by Country

  • United States - 1,081,146 websites
  • Germany - 471,256 websites
  • Japan - 275,610 websites
  • France - 236,328 websites
  • Italy - 220,351 websites
  • Russia - 143,648 websites
  • GB - 139,300 websites
  • Poland - 121,749 websites
  • Netherlands - 107,061 websites
  • Spain - 93,761 websites

CWE-434 usage by TLD

  • .com - 1,580,312 websites
  • .de - 232,857 websites
  • .it - 160,896 websites
  • .org - 150,515 websites
  • .ru - 125,033 websites
  • .net - 111,218 websites
  • .nl - 99,934 websites
  • .pl - 97,541 websites
  • .co.uk - 96,300 websites
  • .fr - 83,419 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-434

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| May, 2025 | CVE-2025-4317 | TheGem <= 5.10.3 - Authenticated (Subscriber+) Arbitrary File Upload | 6,806 |
| May, 2025 | CVE-2025-4403 | Drag and Drop Multiple File Upload for WooCommerce <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function | 630 |
| May, 2025 | CVE-2025-47549 | WordPress BEAF <= 4.6.10 - Arbitrary File Upload Vulnerability | 1,879 |
| May, 2025 | CVE-2025-47550 | WordPress Instantio <= 3.3.16 - Arbitrary File Upload Vulnerability | 82 |
| May, 2025 | CVE-2024-13418 | Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload | 20 |
| Apr, 2025 | CVE-2025-46264 | WordPress PowerPress Podcasting <= 11.12.5 - Arbitrary File Upload Vulnerability | 1,132 |
| Apr, 2025 | CVE-2025-32682 | WordPress MapSVG Lite plugin <= 8.5.34 - Arbitrary File Upload Vulnerability | 46 |
| Apr, 2025 | CVE-2025-39538 | WordPress WP-Advanced-Search <= 3.3.9.3 - Arbitrary File Upload Vulnerability | 1 |
| Apr, 2025 | CVE-2025-32215 | WordPress Accessibility Suite plugin <= 4.18 - Arbitrary File Upload vulnerability | 17 |
| Apr, 2025 | CVE-2025-2525 | Streamit <= 4.0.1 - Authenticated (Subscriber+) Arbitrary File Upload | 10 |

List of the most common CVEs that are part of CWE-434

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Apr, 2024 | CVE-2024-31210 | PHP file upload bypass via Plugin installer | 2,852,853 |
| Dec, 2023 | CVE-2023-47784 | WordPress Slider Revolution Plugin <= 6.6.15 is vulnerable to Arbitrary File Upload | 1,140,002 |
| Mar, 2024 | CVE-2023-48777 | WordPress Elementor plugin 3.3.0-3.18.1 - Arbitrary File Upload vulnerability | 446,230 |
| Mar, 2024 | CVE-2023-39307 | WordPress Avada theme <= 7.11.1 - Authenticated Arbitrary File Upload vulnerability | 111,341 |
| Jul, 2024 | CVE-2024-6828 | Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting | 27,115 |
| Nov, 2021 | CVE-2021-42362 | WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload | 20,749 |
| Feb, 2025 | CVE-2025-1128 | Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion | 19,130 |
| Dec, 2023 | CVE-2023-46149 | WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Arbitrary File Upload | 13,214 |
| Apr, 2025 | CVE-2025-32118 | WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.13 - Remote Code Execution (RCE) vulnerability | 8,565 |
| Aug, 2024 | CVE-2022-1206 | AdRotate – Ad manager & AdSense Ads <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload | 8,529 |
