CVE-2026-32523
Received Received - Intake
Unrestricted File Upload in WPJAM Basic Allows Malicious Files

Publication date: 2026-03-25

Last updated on: 2026-03-26

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-26
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32523
EUVD
EUVD-2026-15887
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
denishua wpjam_basic to 6.9.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows attackers to upload and execute malicious files, potentially leading to unauthorized access and control over the affected website.

Such unauthorized access and control can result in data breaches or exposure of sensitive information, which may impact compliance with standards and regulations like GDPR and HIPAA that require protection of personal and sensitive data.

Therefore, if exploited, this vulnerability could lead to violations of these regulations due to inadequate security controls and potential data compromise.

Executive Summary

This vulnerability is an Unrestricted Upload of File with Dangerous Type issue in the denishua WPJAM Basic plugin (wpjam-basic). It allows attackers to upload malicious files without proper restrictions or validation, potentially enabling harmful actions.

Impact Analysis

The vulnerability can allow attackers to upload malicious files to your system, which may lead to unauthorized code execution, data compromise, or other security breaches depending on the nature of the uploaded files.

Detection Guidance

The vulnerability allows attackers to upload arbitrary files, including malicious backdoors, to the affected website. Detection can involve monitoring for unusual file uploads or the presence of unexpected files in the plugin directories.

Specific commands are not provided in the available resources, but general approaches include scanning the web server directories for recently added or modified files with suspicious extensions or content, and reviewing web server logs for suspicious POST requests to the WPJAM Basic plugin upload endpoints.

Mitigation Strategies

The immediate mitigation step is to update the WPJAM Basic plugin to version 6.9.2.1 or later, where the vulnerability has been patched.

Until the update can be applied, users of Patchstack can enable an automatic mitigation rule that blocks exploitation attempts.

Additionally, enabling auto-updates for vulnerable plugins and seeking assistance from hosting providers or developers if unable to update the plugin manually are recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32523. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart