WordPress Plugin Vulnerabilities

WPJAM Basic < 6.9.2.1 - Authenticated (Subscriber+) Arbitrary File Upload

Description

The WPJAM Basic plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
wpjam-basic
Fixed in 6.9.2.1

References

CVE
CVE-2026-32523
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/30529c2b-ef05-4b88-8082-09a633e76736

Miscellaneous

Original Researcher
NumeX
Verified
No
WPVDB ID
982d0618-4eca-4bad-ae66-089ce62e3c8e

Timeline

Publicly Published
2026-03-20 (about 1 month ago)
Added
2026-03-27 (about 1 month ago)
Last Updated
2026-03-27 (about 1 month ago)

Other

Published
Title
Published
2025-06-10
Title
WordPress Automatic Plugin - AI content generator and auto poster plugin < 3.116.0 - Authenticated (Author+) Arbitrary File Upload
Published
2014-12-03
Title
Download Manager <= 2.7.4 - Code Execution / Remote File Inclusion
Published
2024-10-30
Title
Multi Purpose Mail Form <= 1.0.2 - Unauthenticated Arbitrary File Upload
Published
2014-08-01
Title
Top Quark Architecture 2.1.0 - lib/js/fancyupload/showcase/batch/script.php File Upload PHP Code Execution
Published
2025-09-05
Title
Multi Step Form < 1.7.26 - Authenticated (Admin+) Arbitrary File Upload