CVE-2026-32523 - Vulnerability Details - OpenCVE

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

Vendors	Products
Denishua Subscribe	Wpjam Basic Subscribe
Wordpress Subscribe	Wordpress Subscribe

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Denishua Subscribe	Wpjam Basic Subscribe
Wordpress Subscribe	Wordpress Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/Wordpress/Plugin/wpjam-basic/vulnerability/wordpress-wpjam-basic-plugin-6-9-2-arbitrary-file-upload-vulnerability?_s_id=cve

History

Thu, 26 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Denishua Denishua wpjam Basic Wordpress Wordpress wordpress
Vendors & Products		Denishua Denishua wpjam Basic Wordpress Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2.
Title		WordPress WPJAM Basic plugin <= 6.9.2 - Arbitrary File Upload vulnerability
Weaknesses		CWE-434
References		https://patchstack.com/database/Wordpress/Plugin/wpjam-basic/vulnerability/wordpress-wpjam-basic-plugin-6-9-2-arbitrary-file-upload-vulnerability?_s_id=cve

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2026-03-25T16:15:07.729Z

Updated: 2026-03-26T13:20:57.477Z

Reserved: 2026-03-12T11:12:19.946Z

Link: CVE-2026-32523

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-25T17:17:05.237

Modified: 2026-03-25T17:17:05.237

Link: CVE-2026-32523

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T11:35:10Z

Weaknesses

CWE-434

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32523", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:12:19.946Z", "datePublished": "2026-03-25T16:15:07.729Z", "dateUpdated": "2026-03-26T13:20:57.477Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wpjam-basic", "product": "WPJAM Basic", "vendor": "denishua", "versions": [{"changes": [{"at": "6.9.2.1", "status": "unaffected"}], "lessThanOrEqual": "<= 6.9.2", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "NumeX | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:41.355Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.<p>This issue affects WPJAM Basic: from n/a through <= 6.9.2.</p>"}], "value": "Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2."}], "impacts": [{"capecId": "CAPEC-17", "descriptions": [{"lang": "en", "value": "Using Malicious Files"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:15:07.729Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/wpjam-basic/vulnerability/wordpress-wpjam-basic-plugin-6-9-2-arbitrary-file-upload-vulnerability?_s_id=cve"}], "title": "WordPress WPJAM Basic plugin <= 6.9.2 - Arbitrary File Upload vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T13:20:53.625676Z", "id": "CVE-2026-32523", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:20:57.477Z"}}]}}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "WPJAM Basic", "source": "cna", "vendor": "denishua"}, "product": "wpjam_basic", "vendor": "denishua"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-25T19:19:26.895240+00:00", "value": {"mitigation_remediation": ["Update WPJAM Basic to the latest available version that addresses the upload restriction flaw.", "If a patch is not currently available, disable or restrict any file upload functionality provided by the plugin until the vulnerability is fixed.", "Review user roles to ensure only trusted personnel have upload privileges and monitor upload logs for suspicious activity."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The plugin WPJAM Basic from denishua for WordPress is affected. All releases from the earliest version up through 6.9.2 are vulnerable; any site running these versions without an update is at risk.", "description_and_impact": "Unrestricted upload of files with dangerous content allows attackers to place arbitrary, potentially executable files on the server. The vulnerability in WPJAM Basic version 6.9.2 and earlier permits the upload of files that the system will store without sufficient type validation, which can lead to the execution of malicious code, system compromise, and data exposure. This weakness is classified under CWE\u2011434, highlighting that the input is not properly restricted by file type.", "risk_and_exploitability": "Because the flaw permits file uploads without validation, exploitation is straightforward for any user with upload permissions. The absence of an EPSS score or KEV listing does not reduce the inherent severity\u2014uploading a crafted file can lead to remote code execution. Administrators should treat this as a high\u2011risk issue until patched or mitigated."}}}}, "created": "2026-03-25T21:47:16.934442+00:00", "updated": "2026-03-26T11:35:10.672036+00:00", "vendors": ["denishua", "denishua$PRODUCT$wpjam_basic", "wordpress", "wordpress$PRODUCT$wordpress"]}