An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib...
9.8CVSS
9.6AI Score
0.053EPSS
The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php...
7.5CVSS
7AI Score
0.001EPSS
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js...
7.5CVSS
7AI Score
0.001EPSS
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess...
7.5CVSS
7AI Score
0.001EPSS
The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js...
7.5CVSS
7AI Score
0.001EPSS
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to...
6.1CVSS
6.2AI Score
0.001EPSS
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode...
5.4CVSS
5.5AI Score
0.002EPSS
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are...
7.3AI Score
0.001EPSS