Wordpress File Upload Project ≫ Wordpress File Upload

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

6.1

CVE-2024-6494

Exploit

EPSS 0.88%
Veröffentlicht 07.08.2024 06:16:47
Zuletzt bearbeitet 11.04.2025 15:13:36

The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.

6.1

CVE-2024-6651

Exploit

EPSS 10.1%
Veröffentlicht 06.08.2024 06:15:35
Zuletzt bearbeitet 11.04.2025 15:13:49

The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.8

CVE-2014-5199

EPSS 0.13%
Veröffentlicht 12.08.2014 20:55:04
Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspec...