VYPR

Upload File Plugin

by WordPress

CVEs (2)

  • CVE-2024-6494MedAug 7, 2024
    risk 0.40cvss 6.1epss 0.00

    The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.

  • CVE-2008-2510May 29, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter.