Lucene search

Wordpress File Upload Security Vulnerabilities

cve

CVE-2020-10564

An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib...

9.8CVSS

9.6AI Score

0.053EPSS

2020-03-13 11:15 PM

156

cve

CVE-2015-9338

The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php...

7.5CVSS

7AI Score

0.001EPSS

2019-08-22 08:15 PM

cve

CVE-2015-9339

The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js...

7.5CVSS

7AI Score

0.001EPSS

2019-08-22 08:15 PM

cve

CVE-2015-9340

The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess...

7.5CVSS

7AI Score

0.001EPSS

2019-08-22 08:15 PM

cve

CVE-2015-9341

The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js...

7.5CVSS

7AI Score

0.001EPSS

2019-08-22 07:15 PM

cve

CVE-2018-9844

The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to...

6.1CVSS

6.2AI Score

0.001EPSS

2018-04-07 07:29 AM

cve

CVE-2018-9172

The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode...

5.4CVSS

5.5AI Score

0.002EPSS

2018-04-01 11:29 PM

cve

CVE-2014-5199

Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are...

7.3AI Score

0.001EPSS

2014-08-12 08:55 PM