Critical severityNVD Advisory· Published Jan 15, 2026· Updated Apr 15, 2026

CVE-2011-10041

Description

Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in process_upload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution by uploading executable content to a web-accessible location.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstorm.news/files/id/98652nvd
wpscan.com/vulnerability/6946364c-9764-468e-87d5-2dd57e531985/nvd
www.acunetix.com/vulnerabilities/web/wordpress-plugin-uploadify-remote-file-upload-1-0/nvd
www.vulncheck.com/advisories/uploadify-unauthenticated-arbitrary-file-uploadnvd
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/uploadify/uploadify-10-arbitrary-file-uploadnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000