Cyber Posture

CVE-2026-32523

Critical

Published: 25 March 2026
Modified: 24 April 2026
KEV Added: not listed
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0006 (17.0th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-32523 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 17.0th percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

SI-10 Information Input Validation [prevent]
Directly enforces validation of uploaded files to block dangerous types, preventing exploitation of the unrestricted file upload vulnerability in WPJAM Basic.

SI-2 Flaw Remediation [prevent]
Requires timely identification, reporting, and patching of the specific flaw in WPJAM Basic versions through 6.9.2, eliminating the vulnerability.

[prevent, detect]
Scans uploaded files for malicious code at entry points, mitigating server compromise from dangerous files allowed by the CVE.
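The SI-10 control above is the one that addresses CWE-434 directly. The following is an added example of what allowlist-based upload validation looks like in a WordPress context; it is illustration written for this page, not code from WPJAM Basic, from the plugin's author, or from the fix for this CVE. The allowlist is constructed for the example. The `validate_upload_strictly()` function has no WordPress dependency; the two hooks at the bottom assume a WordPress runtime and use the real `wp_handle_upload_prefilter` and `upload_mimes` filters (setting `$file['error']` in the prefilter is how WordPress aborts an upload with a message).

```php
<?php
// Added example (not WPJAM Basic code): CWE-434 mitigation by allowlist.
// Three checks are layered: the extension must be allowlisted, the file
// *content* must match the MIME type that extension implies, and the
// client-supplied filename is never reused for storage.

// Constructed allowlist: extension => MIME type finfo must report for the content.
const SAFE_UPLOAD_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];

/**
 * Validate an uploaded file by extension allowlist and content sniffing.
 *
 * @param string $path          Temporary path of the uploaded file.
 * @param string $original_name Client-supplied filename (untrusted).
 * @return array ['ok' => true, 'stored_name' => ..., 'mime' => ...]
 *               or ['ok' => false, 'reason' => ...]
 */
function validate_upload_strictly(string $path, string $original_name): array
{
    // Only the final extension matters because the stored name is regenerated
    // below; "shell.php.jpg" can therefore never land on disk as a .php file.
    $ext = strtolower(pathinfo($original_name, PATHINFO_EXTENSION));
    if ($ext === '' || !isset(SAFE_UPLOAD_TYPES[$ext])) {
        return ['ok' => false, 'reason' => "extension '$ext' is not allowlisted"];
    }

    // Sniff the content. $_FILES['type'] is attacker-controlled, so it is ignored.
    $finfo    = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($path);
    if ($detected === false || $detected !== SAFE_UPLOAD_TYPES[$ext]) {
        $shown = $detected === false ? 'unknown' : $detected;
        return ['ok' => false, 'reason' => "content type '$shown' does not match .$ext"];
    }

    // Store under a random name with the vetted extension; the original name
    // (path separators, NUL bytes, double extensions) never reaches the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    return ['ok' => true, 'stored_name' => $stored, 'mime' => $detected];
}

// WordPress wiring (assumed runtime; skipped when run outside WordPress).
if (function_exists('add_filter')) {
    // Narrow the MIME map WordPress itself consults in wp_check_filetype().
    add_filter('upload_mimes', function (array $mimes): array {
        return SAFE_UPLOAD_TYPES;
    });

    // Run the strict check before WordPress moves the file into uploads/.
    add_filter('wp_handle_upload_prefilter', function (array $file): array {
        $result = validate_upload_strictly($file['tmp_name'], $file['name']);
        if (!$result['ok']) {
            $file['error'] = 'Upload rejected: ' . $result['reason'];
            return $file;
        }
        $file['name'] = $result['stored_name'];
        return $file;
    });
}
```

The combination matters: an extension check alone is defeated by content that the web server still executes, and a content check alone is defeated by polyglot files, so the example insists on both and discards the client-chosen name. Serving the uploads directory with script execution disabled is the usual complementary control for the third (prevent, detect) item above.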

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

T1105 Ingress Tool Transfer (Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.

Why these techniques?

Arbitrary file upload of dangerous types (CWE-434) in a public-facing WordPress plugin directly enables exploitation for initial access (T1190), ingress/transfer of malicious files such as PHP payloads (T1105), and deployment of web shells for execution/persistence (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files. This issue affects WPJAM Basic: from n/a through <= 6.9.2.

Deeper analysis (AI-generated)

CVE-2026-32523 is an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434) in the WPJAM Basic WordPress plugin (wpjam-basic by denishua). It allows the use of malicious files and affects all versions from n/a through 6.9.2. Published on 2026-03-25, the vulnerability carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), marking it as critical.

The vulnerability can be exploited by an attacker with low privileges, such as an authenticated WordPress user, over the network with low attack complexity and no user interaction. Exploitation enables high-impact effects on confidentiality, integrity, and availability with a changed scope, allowing arbitrary file uploads that could lead to server compromise.

The Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/wpjam-basic/vulnerability/wordpress-wpjam-basic-plugin-6-9-2-arbitrary-file-upload-vulnerability?_s_id=cve) details this arbitrary file upload issue in WPJAM Basic 6.9.2. Security practitioners should review this reference for mitigation guidance.

Details

CWE(s): CWE-434 Unrestricted Upload of File with Dangerous Type

CVEs Like This One

CVE-2025-63994 (shared CWE-434)
CVE-2025-6207 (shared CWE-434)
CVE-2025-6079 (shared CWE-434)
CVE-2025-6222 (shared CWE-434)
CVE-2025-66256 (shared CWE-434)
CVE-2024-13908 (shared CWE-434)
CVE-2026-3891 (shared CWE-434)
CVE-2025-12171 (shared CWE-434)
CVE-2026-6261 (shared CWE-434)
CVE-2025-10412 (shared CWE-434)
