VYPR

Wp File Upload

by WordPress

Source repositories

CVEs (10)

  • CVE-2015-9340HigAug 22, 2019
    risk 0.49cvss 7.5epss 0.01

    The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.

  • CVE-2015-9339HigAug 22, 2019
    risk 0.49cvss 7.5epss 0.01

    The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.

  • CVE-2015-9338HigAug 22, 2019
    risk 0.49cvss 7.5epss 0.01

    The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.

  • CVE-2015-9341HigAug 22, 2019
    risk 0.49cvss 7.5epss 0.01

    The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.

  • CVE-2018-9844MedApr 7, 2018
    risk 0.43cvss 6.1epss 0.04

    The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.

  • CVE-2024-6651MedAug 6, 2024
    risk 0.41cvss 6.1epss 0.14

    The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2018-9172MedApr 1, 2018
    risk 0.38cvss 5.4epss 0.03

    The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.

  • CVE-2021-24960MedMar 7, 2022
    risk 0.35cvss 5.4epss 0.01

    The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site…

  • CVE-2014-125110LowApr 1, 2024
    risk 0.16cvss 3.5epss 0.00

    A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross site scripting. The attack…

  • CVE-2014-5199Aug 12, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of…