40 matches found
PT-2024-38248 · WordPress · Wordpress File Upload
Name of the Vulnerable Software and Affected Versions: WordPress File Upload plugin versions up to and including 4.24.8 Description: The issue concerns a Stored Cross-Site Scripting vulnerability via SVG file uploads, affecting the WordPress File Upload plugin. This vulnerability is due to...
WordPress WordPress File Upload plugin < 4.24.8 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Majdeddine Ben Hadj Brahim in WordPress Plugin WordPress File Upload versions 4.24.8...
CVE-2024-6494
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting XSS attacks...
WordPress WordPress File Upload plugin <= 4.24.7 - Authenticated (Contributor+) Directory Traversal vulnerability
Authenticated Contributor+ Directory Traversal vulnerability discovered by Colin Xu in WordPress Plugin WordPress File Upload versions = 4.24.7...
CVE-2024-2847 WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-2767
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress Plugin The Drag and Drop Multiple File Upload PRO 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
jQuery File Upload Plugin Unrestricted file upload vulnerability
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...
GHSA-WXG6-F773-G2F7 jQuery File Upload Plugin Unrestricted file upload vulnerability
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...
WordPress plugin WordPress File Upload Free and Pro 路径遍历漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL server set up a personal blog site . WordPress plugin is an open source WordPress application plugin . A path traversal vulnerability exists in the WordPress Fil...
CVE-2021-24961
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
WordPress File Upload < 4.13.0 - Directory Traversal to RCE
WordPress File Upload plugin directory traversal. It's possible to use the directory traversal to gain RCE by uploading a file doesn't matter the extension inside the /lib directory of the plugin. More details here https://github.com/beerpwn/CVE/tree/master/WP-File-Uploaddisclosurereport...
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...
CVE-2014-8739
CVE-2014-8739 : Unrestricted file upload in the jQuery File Upload Plugin 6.4.4, used by Creative Solutions Sexy Contact Form (WordPress <= 1.0.0, Joomla! <= 2.0.1), allows remote attackers to upload a PHP file via UploadHandler.php and execute code by requesting the file in the installed f...
Default credentials
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...
WordPress Userpro Remote File Upload Exploit
This Metasploit module exploits an arbitrary PHP code upload in thewordpress Ifileupload plugin, The vulnerability allows for unauthorization file upload and remote code execution. Exploit Title : Wordpress Userpro Remote File Upload Exploit Author : Ashiyane Digital Security Team Vendor Homepage...
WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload
WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload Exploit Title : Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability Exploit Author : Claudio Viviani Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip Date : 2015-03-...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the WordPress File Upload plugin wp-file-upload before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are...
CVE-2014-5199
CVE-2014-5199 is a CSRF vulnerability in the WordPress File Upload plugin (wp-file-upload) for WordPress, affecting versions before 2.4.2. The issue allows remote attackers to hijack the administrator’s authentication for requests that change plugin settings via unspecified vectors. Root cause is...