CVE-2015-10137 – WordPress Website Contact Form With File Upload Remote Code Execution (RCE)

July 22, 2025

CVE ID : CVE-2015-10137

Published : July 22, 2025, 2:15 a.m. | 22 hours, 29 minutes ago

Description : The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘upload_file()’ function in versions up to, and including, 1.3.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6585 – WordPress JobHunt Insecure Direct Object Reference

Next Article CVE-2012-10020 – FoxyPress WordPress Arbitrary File Upload Vulnerability

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

Is Lenovo’s refreshed LOQ tower enough to compete? New OLED monitors raise the stakes at IFA 2025

External Forces Reshaping Financial Services in 2025 and Beyond

External Forces Reshaping Financial Services in 2025 and Beyond

Why It’s Time to Move from SharePoint On-Premises to SharePoint Online

Apple’s Big Move: The Future of Mobile

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

CVE-2015-10137 – WordPress Website Contact Form With File Upload Remote Code Execution (RCE)

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

Microsoft Copilot gets OpenAI’s GPT-4o image generation support — but maybe a day late and a dollar short for the hype?

I found the ultimate MacBook Air alternative for Windows users – and it’s priced well

Mixtape is one of the most unique indie games I’ve played, and it’s coming to Xbox Game Pass

Rilasciata IPFire 2.29 Core Update 193: Un passo avanti nella sicurezza con la crittografia post-quantistica

Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub

Containerize legacy Spring Boot application using Amazon Q Developer CLI and MCP server

CVE-2025-48133 – Uncanny Owl Uncanny Automator Missing Authorization Vulnerability

Rest Assured – Schema to use cannot be null

CVE-2015-10137 – WordPress Website Contact Form With File Upload Remote Code Execution (RCE)

Related Posts