Unrated severityNVD Advisory· Published May 21, 2008· Updated Apr 23, 2026

CVE-2008-2392

Description

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

Affected products

WordPress/WordPress
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Range: <=2.5.1
Package: https://wordpress.org/plugins/wordpress

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securityreason.com/securityalert/3897nvdThird Party Advisory
www.securityfocus.com/archive/1/492230/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/29276nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/42561nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000