CVE-2026-32523

Critical

Published: 25 March 2026
Modified: 24 April 2026
CISA KEV: not listed
CVSS v3.1: 9.9 (Critical) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.0032 (23.5th percentile)
Risk Priority: 70 (floored blend, peak EPSS)

Summary

CVE-2026-32523 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in the WPJAM Basic WordPress plugin. Its CVSS v3.1 base score is 9.9 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks the CVE at the 23.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-32523 is an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434) in the WPJAM Basic WordPress plugin (slug wpjam-basic, author denishua). The plugin accepts uploaded files without adequately restricting their type, so a user can store files the application should never accept, such as server-executable PHP. All versions up to and including 6.9.2 are affected; the advisory gives no lower bound. Published on 2026-03-25, the vulnerability carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), which is Critical.

The vector requires an attacker with low privileges (PR:L), i.e. an authenticated WordPress account (the minimum role is not stated here), reachable over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Impact is rated high for confidentiality, integrity and availability with a changed scope (S:C): a file that the web server will execute compromises the host running WordPress, not just the plugin. That is the usual path from CWE-434 to a web shell and full server compromise.

The Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/wpjam-basic/vulnerability/wordpress-wpjam-basic-plugin-6-9-2-arbitrary-file-upload-vulnerability?_s_id=cve) documents this arbitrary file upload in WPJAM Basic 6.9.2 and earlier. Security practitioners should review it for version and mitigation guidance.

Vulnerability details

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic (wpjam-basic) allows Using Malicious Files. This issue affects WPJAM Basic: from n/a (no lower bound) through 6.9.2 inclusive (<= 6.9.2).

CWE(s)

CWE-434 Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1105 Ingress Tool Transfer (Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.
Why these techniques?

Arbitrary upload of dangerous file types (CWE-434) in a public-facing WordPress plugin directly enables exploitation for initial access (T1190), ingress of malicious files such as PHP payloads (T1105), and deployment of web shells for execution and persistence (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
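The incident-response side of the techniques above: after a CWE-434 bug in an upload path, the first question is whether anything the web server would execute has landed under wp-content/uploads. The following scanner is an added example written for this page, not code from the page or from the WPJAM Basic project. It walks an uploads tree and flags the three indicators a T1505.003 web shell typically leaves: a server-executable extension anywhere in the file name (so "avatar.php.jpg" is caught), a PHP open tag in the content (with a note if a common execution sink such as eval or system follows it), and an .htaccess or .user.ini that remaps another extension to the PHP handler. The extension and sink lists are assumptions chosen for the example, and the sample uploads tree is constructed inline in a temporary directory so the script runs offline.

```python
"""Hunt for web-shell indicators under a WordPress uploads tree (added example)."""
import os
import re
import shutil
import tempfile
from typing import Dict, List

# Extensions a default PHP-enabled web server may execute (assumed list for the example).
EXEC_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps", ".pht"}
# PHP open tag, long form or short-echo form; "<?xml" does not match, so SVG/XML stay quiet.
PHP_TAG_RE = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
# Execution sinks a dropped shell usually exposes (assumed list for the example).
SINK_RE = re.compile(rb"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\(", re.IGNORECASE)
# Directives that make Apache run a non-.php extension through the PHP handler.
HANDLER_RE = re.compile(rb"(AddHandler|AddType|SetHandler)\s+\S*php", re.IGNORECASE)
CONFIG_FILES = {".htaccess", ".user.ini"}


def scan_uploads(root: str) -> Dict[str, List[str]]:
    """Return {relative_path: [reasons]} for every suspicious file under root."""
    findings: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                head = fh.read(65536)  # first 64 KiB is enough for tags and handlers
            reasons: List[str] = []
            if name in CONFIG_FILES:
                if HANDLER_RE.search(head):
                    reasons.append("config remaps an extension to the PHP handler")
            else:
                # Look at every extension component, not just the last one.
                exts = {"." + p for p in name.lower().split(".")[1:]}
                if exts & EXEC_EXTS:
                    reasons.append("server-executable extension")
                if PHP_TAG_RE.search(head):
                    suffix = " with execution sink" if SINK_RE.search(head) else ""
                    reasons.append("PHP open tag in content" + suffix)
            if reasons:
                findings[rel] = reasons
    return findings


def build_sample_tree() -> str:
    """Constructed sample data (not real files) laid out like wp-content/uploads/YYYY/MM."""
    root = tempfile.mkdtemp(prefix="uploads-")
    month = os.path.join(root, "2026", "03")
    os.makedirs(month)
    samples = {
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,                     # legitimate image
        "notes.txt": b"<?xml version='1.0'?> plain text, not PHP",             # XML prolog must not alert
        "shell.php": b"<?php eval($_POST['c']); ?>",                            # classic web shell
        "avatar.php.jpg": b"\xff\xd8\xff\xe0<?php system($_GET['cmd']); ?>",    # polyglot, double extension
        ".htaccess": b"AddType application/x-httpd-php .jpg\n",                 # makes .jpg execute as PHP
    }
    for name, content in samples.items():
        with open(os.path.join(month, name), "wb") as fh:
            fh.write(content)
    return root


def demo() -> Dict[str, List[str]]:
    """Build the constructed tree, scan it, clean up, and return the findings."""
    root = build_sample_tree()
    try:
        return scan_uploads(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for path, why in sorted(demo().items()):
        print(f"{path}: {'; '.join(why)}")
```

Run it against a real site with scan_uploads("/var/www/html/wp-content/uploads"); anything it reports should be triaged against the web server's access log for the upload request and for subsequent POSTs to the file.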

CVEs Like This One

CVE-2025-26325 (shared CWE-434)
CVE-2025-66256 (shared CWE-434)
CVE-2025-1025 (shared CWE-434)
CVE-2016-15043 (shared CWE-434)
CVE-2024-13448 (shared CWE-434)
CVE-2024-13333 (shared CWE-434)
CVE-2013-10040 (shared CWE-434)
CVE-2025-6423 (shared CWE-434)
CVE-2025-7063 (shared CWE-434)
CVE-2025-10412 (shared CWE-434)

Affected Assets

WPJAM Basic WordPress plugin (slug wpjam-basic, author denishua), all versions up to and including 6.9.2.

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly enforces validation of uploaded files to block dangerous types, preventing exploitation of the unrestricted file upload vulnerability in WPJAM Basic.

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting, and patching of the specific flaw in WPJAM Basic versions through 6.9.2, eliminating the vulnerability.

Malicious code scanning at entry points (prevent, detect)
Scans uploaded files for malicious code at entry points, mitigating server compromise from dangerous files allowed by the CVE.
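What SI-10 means for an upload handler, as an added example written for this page rather than code from WPJAM Basic: the weak pattern is a denylist that refuses only the literal ".php" suffix, which ".phtml", ".PHP" and "shell.php.jpg" all walk past. Beside it is a hardened validator that allowlists extensions, requires the file header to match the claimed extension, refuses double extensions containing an executable component and any path characters in the name, rejects content carrying a PHP open tag even inside an otherwise valid image, and stores the file under a server-generated name. WordPress core applies comparable checks through wp_check_filetype_and_ext(); a plugin that writes files on its own path has to reproduce them. The allowlist, magic numbers and executable-extension list are assumptions chosen for the example, and the inputs in the usage section are constructed.

```python
"""Denylist (CWE-434 pattern) versus allowlist upload validation (added example)."""
import os
import re
import secrets
from typing import Optional, Tuple

# Accepted extension -> accepted leading byte sequences (assumed allowlist for the example).
ALLOWED = {
    "jpg":  [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "png":  [b"\x89PNG\r\n\x1a\n"],
    "gif":  [b"GIF87a", b"GIF89a"],
    "pdf":  [b"%PDF-"],
}
# Components that must never appear anywhere in a stored file name (assumed list).
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps", "pht",
                   "htaccess", "ini", "cgi", "pl", "py", "sh"}
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,100}")
PHP_TAG_RE = re.compile(rb"<\?(?:php\b|=)")


def weak_is_allowed(filename: str) -> bool:
    """The denylist check that produces CWE-434: only an exact '.php' suffix is refused."""
    return not filename.endswith(".php")


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str, Optional[str]]:
    """Return (accepted, reason, stored_name); stored_name is server-chosen, never the client's."""
    base = os.path.basename(filename.replace("\\", "/"))
    # Any directory component, control character or odd symbol in the name is refused outright.
    if base != filename or not SAFE_NAME_RE.fullmatch(base):
        return False, "unsafe filename", None
    parts = base.lower().split(".")
    if len(parts) < 2:
        return False, "no extension", None
    ext = parts[-1]
    if ext not in ALLOWED:
        return False, f"extension .{ext} not in allowlist", None
    # "avatar.php.jpg": Apache with AddHandler/MultiViews may still hand it to PHP.
    if any(p in EXECUTABLE_EXTS for p in parts[1:-1]):
        return False, "double extension with executable component", None
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        return False, f"content does not match .{ext} signature", None
    # A valid image carrying PHP is a polyglot staged for a handler misconfiguration or LFI.
    if PHP_TAG_RE.search(data):
        return False, "embedded PHP open tag", None
    stored = f"{secrets.token_hex(16)}.{ext}"
    return True, "ok", stored


if __name__ == "__main__":
    # Constructed inputs: the first three show the denylist bypasses, the rest the hardened path.
    for name in ("shell.php", "shell.phtml", "shell.PHP"):
        print(f"denylist {name}: {'accepted' if weak_is_allowed(name) else 'refused'}")
    cases = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("shell.phtml", b"<?php echo 1; ?>"),
        ("avatar.php.jpg", b"\xff\xd8\xff\xe0"),
        ("fake.jpg", b"<?php system($_GET['c']); ?>"),
        ("poly.gif", b"GIF89a<?php eval($_POST['c']); ?>"),
        ("../wp-config.php", b"x"),
    ]
    for name, content in cases:
        print(name, validate_upload(name, content))
```

The order of checks matters: the name is validated before the content is touched, and the extension is settled before the magic bytes are compared, so an attacker cannot use a valid image header to reach a stored name the server would execute.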

References

Patchstack advisory, WPJAM Basic <= 6.9.2 arbitrary file upload: https://patchstack.com/database/Wordpress/Plugin/wpjam-basic/vulnerability/wordpress-wpjam-basic-plugin-6-9-2-arbitrary-file-upload-vulnerability?_s_id=cve