Description
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files. This issue affects WPJAM Basic: from n/a through <= 6.9.2.
Published: 2026-03-25
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via arbitrary file upload
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in WPJAM Basic allows an attacker to upload files without restriction. An attacker can upload a file with a dangerous payload, such as PHP code, enabling the execution of arbitrary code and full compromise of the affected WordPress site. The weakness corresponds to CWE-434 (Unrestricted Upload of File with Dangerous Type).

Affected Systems

The WPJAM Basic plugin from the vendor denishua is affected in version 6.9.2 and earlier. The problem exists in all versions up to and including 6.9.2.

Risk and Exploitability

The CVSS score of 9.9 indicates critical severity, while the EPSS score below 1% suggests a low current exploitation probability. The vulnerability is not yet listed in CISA’s KEV catalog. Based on the description, the attack vector is likely the plugin’s upload interface, probably requiring a user with administrative or author privileges to exploit. Exploitation would allow uploading arbitrary code that could be executed on the server, granting full control of the website.

Generated by OpenCVE AI on March 26, 2026 at 15:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update WPJAM Basic to a version newer than 6.9.2; remove any older installations.
  • If an update is not immediately available, temporarily disable the WPJAM Basic plugin until a patch is applied.
  • Restrict file uploads by configuring the web server or WordPress to allow only safe file types and MIME types.
  • Regularly scan the uploads directory for suspicious files and remove any unauthorized content.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | cvssV3_1: {'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'} |
| | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Thu, 26 Mar 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Denishua; Denishua wpjam Basic; Wordpress; Wordpress wordpress |
| Vendors & Products | | Denishua; Denishua wpjam Basic; Wordpress; Wordpress wordpress |

Wed, 25 Mar 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files. This issue affects WPJAM Basic: from n/a through <= 6.9.2. |
| Title | | WordPress WPJAM Basic plugin <= 6.9.2 - Arbitrary File Upload vulnerability |
| Weaknesses | | CWE-434 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-26T13:20:57.477Z

Reserved: 2026-03-12T11:12:19.946Z

Link: CVE-2026-32523

Vulnrichment

Updated: 2026-03-26T13:20:46.412Z

NVD

Status: Awaiting Analysis

Published: 2026-03-25T17:17:05.237

Modified: 2026-03-30T13:27:12.923

Link: CVE-2026-32523

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:30:44Z

Weaknesses