CVE-2018-14028

creationtimestamp| type| source ---|---|--- 2026-04-16 21:02:31+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mjncncas7o2e...

WordPress is vulnerable to Arbitrary File Upload

Software WordPress Type WordPress Core Vulnerable versions 6.4.3 Fixed in 6.4.3 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2018-14028 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID 87a72ffd6c73 Credits Vinicius Marangoni Required privilege...

WordPress <= 4.9.8 Multiple Vulnerabilities - Linux

WordPress is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

UBUNTU-CVE-2018-14028

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then...

CVE-2018-14028

CVE-2018-14028 affects WordPress 4.9.7. The vulnerability arises because plugin uploads via the admin area are not verified as ZIP files, enabling an attacker with plugin-upload capabilities to upload a PHP file. Although the plugin extraction may fail, the PHP file can remain in a predictable wp...