CVE-2024-13494
- EPSS 0.06%
- Published 25.02.2025 08:15:28
- Last modified 28.02.2025 01:30:32
The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible f...
CVE-2024-9939
- EPSS 2.67%
- Published 08.01.2025 09:15:07
- Last modified 13.03.2025 16:27:18
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally int...
CVE-2024-11635
- EPSS 18.6%
- Published 08.01.2025 08:15:24
- Last modified 13.03.2025 16:30:47
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the se...
CVE-2024-11613
- EPSS 78.73%
- Published 08.01.2025 07:15:26
- Last modified 17.04.2025 02:41:14
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of prope...
CVE-2024-12719
- EPSS 0.09%
- Published 07.01.2025 10:15:07
- Last modified 13.03.2025 17:23:01
The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. This makes it possible for ...
CVE-2024-39639
- EPSS 0.1%
- Published 01.11.2024 15:15:36
- Last modified 11.04.2025 15:05:06
Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress File Upload: from n/a through 4.24.7.
CVE-2024-9047
- EPSS 93.5%
- Published 12.10.2024 07:15:02
- Last modified 12.03.2025 18:03:50
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the orig...
CVE-2024-7301
- EPSS 2.44%
- Published 16.08.2024 05:15:12
- Last modified 12.03.2025 18:08:31
The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 due to insufficient input sanitization and output escaping. This makes it possible for unaut...
CVE-2024-6494
- EPSS 0.88%
- Published 07.08.2024 06:16:47
- Last modified 11.04.2025 15:13:36
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.
CVE-2024-6651
- EPSS 10.1%
- Published 06.08.2024 06:15:35
- Last modified 11.04.2025 15:13:49
The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.