VYPR

File Upload

by WordPress

CVEs (3)

  • CVE-2020-10564CriMar 13, 2020
    risk 0.64cvss 9.8epss 0.09

    An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call.

  • CVE-2024-2847MedApr 9, 2024
    risk 0.42cvss 6.4epss 0.00

    The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2024-13494MedFeb 25, 2025
    risk 0.28cvss 4.3epss 0.00

    The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for unauthenticated attackers…