Wp File Upload
by WordPress
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-125110 | | Low | 0.23 | 3.5 | 0.00 | | Apr 1, 2024 | A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/wfu_ajaxactions.php. The manipulation leads to cross site scripting. The attack… |
| CVE-2018-9844 | | | 0.04 | — | 0.11 | | Apr 7, 2018 | The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS. |
| CVE-2018-9172 | | | 0.03 | — | 0.03 | | Apr 1, 2018 | The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. |
| CVE-2024-6651 | | | 0.01 | — | 0.19 | | Aug 6, 2024 | The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin |
| CVE-2014-5199 | | | 0.00 | — | 0.00 | | Aug 12, 2014 | Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of… |