CVE-2026-32523
Unrestricted File Upload in WPJAM Basic Allows Malicious Files
Publication date: 2026-03-25
Last updated on: 2026-03-26
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| denishua | wpjam_basic | up to 6.9.2 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Unrestricted Upload of File with Dangerous Type issue in the denishua WPJAM Basic plugin (wpjam-basic). It allows attackers to upload malicious files without proper restrictions or validation, potentially enabling harmful actions.
How can this vulnerability impact me?
The vulnerability can allow attackers to upload malicious files to your system, which may lead to unauthorized code execution, data compromise, or other security breaches depending on the nature of the uploaded files.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows attackers to upload and execute malicious files, potentially leading to unauthorized access and control over the affected website.
Such unauthorized access and control can result in data breaches or exposure of sensitive information, which may impact compliance with standards and regulations like GDPR and HIPAA that require protection of personal and sensitive data.
Therefore, if exploited, this vulnerability could lead to violations of these regulations due to inadequate security controls and potential data compromise.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability allows attackers to upload arbitrary files, including malicious backdoors, to the affected website. Detection can involve monitoring for unusual file uploads or the presence of unexpected files in the plugin directories.
Specific commands are not provided in the available resources, but general approaches include scanning the web server directories for recently added or modified files with suspicious extensions or content, and reviewing web server logs for suspicious POST requests to the WPJAM Basic plugin upload endpoints.
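The directory scan and log review described above can be scripted as follows. This is an added example, not commands from the advisory or from Patchstack; it assumes a standard WordPress directory layout and a combined-format access log, and the function names and the `WP_ROOT` and `ACCESS_LOG` variables are hypothetical.

```shell
#!/bin/sh
# Added triage helpers; not from the advisory. Assumes a standard WordPress
# layout under the given root and a combined-format access log.

# Server-executable files under uploads/ modified in the last N days
# (default 7). The uploads tree should normally hold media only.
find_exec_uploads() {
    find "$1/wp-content/uploads" -type f -mtime "-${2:-7}" \
        \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
           -o -iname '*.phar' -o -name '.htaccess' \) 2>/dev/null | sort
}

# Files in the plugin directory changed in the last N days. A legitimate
# plugin update also touches these, so compare against the update time.
recent_plugin_files() {
    find "$1/wp-content/plugins/wpjam-basic" -type f -mtime "-${2:-7}" \
        2>/dev/null | sort
}

# Log lines where a PHP-like file under /wp-content/uploads/ was requested
# and answered 2xx, i.e. the file exists and was served or executed.
uploads_php_hits() {
    awk 'tolower($7) ~ /\/wp-content\/uploads\/.*\.(php[0-9]?|phtml|phar)([?]|$)/ &&
         $9 ~ /^2/' "$1"
}

# POST requests whose path matches an ERE supplied by the caller. The
# advisory does not name the upload endpoint, so no default is assumed.
post_hits() {
    awk -v pat="$2" '$6 == "\"POST" && $7 ~ pat' "$1"
}

# Run against a real site only when both variables are set (hypothetical names).
if [ -n "${WP_ROOT:-}" ] && [ -n "${ACCESS_LOG:-}" ]; then
    find_exec_uploads "$WP_ROOT" 7
    recent_plugin_files "$WP_ROOT" 7
    uploads_php_hits "$ACCESS_LOG"
fi
```

Any file reported by `find_exec_uploads` that also appears in `uploads_php_hits` output deserves immediate review, since it was both written to the media tree and successfully requested.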
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the WPJAM Basic plugin to version 6.9.2.1 or later, where the vulnerability has been patched.
Until the update can be applied, users of Patchstack can enable an automatic mitigation rule that blocks exploitation attempts.
Enabling auto-updates for vulnerable plugins is also recommended, as is seeking assistance from your hosting provider or a developer if you are unable to update the plugin manually.