Wp File Upload
by WordPress
Source repositories
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9340 | Hig | 0.49 | 7.5 | 0.01 | Aug 22, 2019 | The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files. | ||
| CVE-2015-9339 | Hig | 0.49 | 7.5 | 0.01 | Aug 22, 2019 | The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files. | ||
| CVE-2015-9338 | Hig | 0.49 | 7.5 | 0.01 | Aug 22, 2019 | The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files. | ||
| CVE-2015-9341 | Hig | 0.49 | 7.5 | 0.01 | Aug 22, 2019 | The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. | ||
| CVE-2018-9844 | Med | 0.43 | 6.1 | 0.04 | Apr 7, 2018 | The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS. | ||
| CVE-2024-6651 | Med | 0.41 | 6.1 | 0.14 | Aug 6, 2024 | The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||
| CVE-2018-9172 | Med | 0.38 | 5.4 | 0.03 | Apr 1, 2018 | The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. | ||
| CVE-2021-24960 | Med | 0.35 | 5.4 | 0.01 | Mar 7, 2022 | The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site… | ||
| CVE-2014-125110 | Low | 0.16 | 3.5 | 0.00 | Apr 1, 2024 | A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross site scripting. The attack… | ||
| CVE-2014-5199 | 0.00 | — | 0.01 | Aug 12, 2014 | Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of… |
- risk 0.49cvss 7.5epss 0.01
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.
- risk 0.49cvss 7.5epss 0.01
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
- risk 0.49cvss 7.5epss 0.01
The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.
- risk 0.49cvss 7.5epss 0.01
The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.
- risk 0.43cvss 6.1epss 0.04
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
- risk 0.41cvss 6.1epss 0.14
The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- risk 0.38cvss 5.4epss 0.03
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.
- risk 0.35cvss 5.4epss 0.01
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site…
- risk 0.16cvss 3.5epss 0.00
A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross site scripting. The attack…
- CVE-2014-5199Aug 12, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of…