CVE-2026-39591
9.9 CRITICALSubscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions
Published: 2026-06-15 · Last updated: 2026-06-15
Severity and scoring
- CVSS
- 9.9 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- CWE
- CWE-434
Description
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-40772 — Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions (10.0 CRITICAL)
- CVE-2026-39527 — Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions (5.4 MEDIUM)
- CVE-2018-25436 — WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated ... (9.8 CRITICAL)
- CVE-2026-5482 — Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.ph...
- CVE-2026-34027 — The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /saf...