Iptanus

Wordpress File Upload

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-5852

  • EPSS 0.54%
  • Veröffentlicht 16.07.2024 09:15:03
  • Zuletzt bearbeitet 21.11.2024 09:48:28

The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 via the 'uploadpath' parameter of the wordpress_file_upload shortcode. This makes it possible for authenticated attackers...

5.4

CVE-2024-2847

  • EPSS 0.14%
  • Veröffentlicht 09.04.2024 19:15:37
  • Zuletzt bearbeitet 24.03.2025 13:28:51

The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attribu...

5.4

CVE-2023-4811

Exploit
  • EPSS 0.11%
  • Veröffentlicht 16.10.2023 20:15:16
  • Zuletzt bearbeitet 23.04.2025 17:16:47

The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.

5.5

CVE-2023-2767

  • EPSS 0.1%
  • Veröffentlicht 09.06.2023 06:16:11
  • Zuletzt bearbeitet 21.11.2024 07:59:15

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This m...

4.9

CVE-2023-2688

  • EPSS 0.17%
  • Veröffentlicht 09.06.2023 06:16:11
  • Zuletzt bearbeitet 21.11.2024 07:59:05

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files ...

8.8

CVE-2021-24962

Exploit
  • EPSS 1.72%
  • Veröffentlicht 28.03.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:54:05

The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto...

5.4

CVE-2021-24961

Exploit
  • EPSS 0.28%
  • Veröffentlicht 07.03.2022 09:15:08
  • Zuletzt bearbeitet 21.11.2024 05:54:05

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripti...

5.4

CVE-2021-24960

Exploit
  • EPSS 0.25%
  • Veröffentlicht 07.03.2022 09:15:08
  • Zuletzt bearbeitet 21.11.2024 05:54:05

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be...

9.8

CVE-2020-10564

Exploit
  • EPSS 31.75%
  • Veröffentlicht 13.03.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:55:35

An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call.

7.5

CVE-2015-9340

  • EPSS 0.25%
  • Veröffentlicht 22.08.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 02:40:23

The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.