High severity8.8NVD Advisory· Published Jun 24, 2022· Updated Jun 16, 2026
CVE-2013-1916
CVE-2013-1916
Description
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/User Photodescription
- Range: <0.9.4
Patches
Vulnerability mechanics
References
3- plugins.trac.wordpress.org/changeset/347137nvdPatchThird Party Advisory
- www.exploit-db.com/exploits/16181nvdExploitThird Party AdvisoryVDB Entry
- wordpress.org/plugins/user-photo/nvdRelease NotesThird Party Advisory
News mentions
0No linked articles in our index yet.