40 matches found

Positive Technologies
added 2024/08/15 12:0 a.m. · 3 views

PT-2024-38248 · WordPress · Wordpress File Upload

Name of the Vulnerable Software and Affected Versions: WordPress File Upload plugin versions up to and including 4.24.8 Description: The issue concerns a Stored Cross-Site Scripting vulnerability via SVG file uploads, affecting the WordPress File Upload plugin. This vulnerability is due to...

CVSS 7.2 · AI score 6.3 · EPSS 0.00438
Exploits 0 · References 12

Patchstack
added 2024/08/07 7:2 a.m. · 6 views

WordPress WordPress File Upload plugin < 4.24.8 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Majdeddine Ben Hadj Brahim in WordPress Plugin WordPress File Upload versions 4.24.8...

CVSS 6.1 · AI score 6.1 · EPSS 0.00342
Exploits 1 · References 1 · Affected Software 1

OSV
added 2024/08/07 6:16 a.m. · 2 views

CVE-2024-6494

The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting XSS attacks...

CVSS 6.1 · AI score 5.8 · EPSS 0.00342
Exploits 1 · References 1

Patchstack
added 2024/07/16 2:17 a.m. · 3 views

WordPress WordPress File Upload plugin <= 4.24.7 - Authenticated (Contributor+) Directory Traversal vulnerability

Authenticated Contributor+ Directory Traversal vulnerability discovered by Colin Xu in WordPress Plugin WordPress File Upload versions = 4.24.7...

CVSS 4.3 · AI score 7 · EPSS 0.00695
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/04/09 6:59 p.m. · 14 views

CVE-2024-2847 WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 · AI score 7.4 · EPSS 0.0036
Exploits 0 · References 2

OSV
added 2023/06/09 6:16 a.m. · 4 views

CVE-2023-2767

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 5.5 · AI score 7.4 · EPSS 0.00376
Exploits 0 · References 2

CNNVD
added 2023/04/17 12:0 a.m. · 4 views

WordPress Plugin The Drag and Drop Multiple File Upload PRO cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.1 · AI score 5.9 · EPSS 0.00542
Exploits 3 · References 3

GitHub Security Blog
added 2022/05/17 7:57 p.m. · 16 views

jQuery File Upload Plugin Unrestricted file upload vulnerability

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

CVSS 9.8 · AI score 8 · EPSS 0.91656
Exploits 2 · References 10 · Affected Software 1

OSV
added 2022/05/17 7:57 p.m. · 13 views

GHSA-WXG6-F773-G2F7 jQuery File Upload Plugin Unrestricted file upload vulnerability

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

CVSS 9.8 · AI score 9.8 · EPSS 0.91656
Exploits 2 · References 9

CNNVD
added 2022/03/28 12:0 a.m. · 7 views

WordPress plugin WordPress File Upload Free and Pro path traversal vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress plugin is an open source WordPress application plugin. A path traversal vulnerability exists in the WordPress Fil...

CVSS 8.8 · AI score 6 · EPSS 0.02849
Exploits 2 · References 3

OSV
added 2022/03/07 9:15 a.m. · 4 views

CVE-2021-24961

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

CVSS 5.4 · AI score 6.1 · EPSS 0.0077
Exploits 2 · References 2

WPVulnDB
added 2020/03/13 12:0 a.m. · 23 views

WordPress File Upload < 4.13.0 - Directory Traversal to RCE

WordPress File Upload plugin directory traversal. It's possible to use the directory traversal to gain RCE by uploading a file (the extension doesn't matter) inside the /lib directory of the plugin. More details here: https://github.com/beerpwn/CVE/tree/master/WP-File-Uploaddisclosurereport...

CVSS 7.5 · AI score 1.4 · EPSS 0.08584
Exploits 1 · References 2 · Affected Software 1

NVD
added 2020/02/08 6:15 p.m. · 14 views

CVE-2014-8739

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

CVSS 9.8 · AI score 9.8 · EPSS 0.91656
Exploits 2 · References 8

Cvelist
added 2020/02/08 5:21 p.m. · 20 views

CVE-2014-8739

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

AI score 9.8 · EPSS 0.91656
Exploits 2 · References 8

CVE
added 2020/02/08 5:21 p.m. · 203 views

CVE-2014-8739

CVE-2014-8739: Unrestricted file upload in the jQuery File Upload Plugin 6.4.4, used by Creative Solutions Sexy Contact Form (WordPress <= 1.0.0, Joomla! <= 2.0.1), allows remote attackers to upload a PHP file via UploadHandler.php and execute code by requesting the file in the installed f...

CVSS 9.8 · AI score 9.7 · EPSS 0.91656
Exploits 2 · References 8 · Affected Software 2

Prion
added 2018/04/01 11:29 p.m. · 16 views

Default credentials

The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...

CVSS 3.5 · AI score 5.5 · EPSS 0.03244
Exploits 5 · References 3 · Affected Software 1

0day.today
added 2016/10/22 12:0 a.m. · 48 views

WordPress Userpro Remote File Upload Exploit

This Metasploit module exploits an arbitrary PHP code upload in the wordpress Ifileupload plugin. The vulnerability allows for unauthorized file upload and remote code execution. Exploit Title : Wordpress Userpro Remote File Upload Exploit Author : Ashiyane Digital Security Team Vendor Homepage...

AI score 8
Exploits 0

exploitpack
added 2015/04/05 12:0 a.m. · 25 views

WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload

WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload Exploit Title : Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability Exploit Author : Claudio Viviani Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip Date : 2015-03-...

AI score 0.4
Exploits 0

Prion
added 2014/08/12 8:55 p.m. · 15 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the WordPress File Upload plugin wp-file-upload before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are...

CVSS 6.8 · AI score 7.6 · EPSS 0.0097
Exploits 0 · References 2 · Affected Software 1

CVE
added 2014/08/12 8:0 p.m. · 40 views

CVE-2014-5199

CVE-2014-5199 is a CSRF vulnerability in the WordPress File Upload plugin (wp-file-upload) for WordPress, affecting versions before 2.4.2. The issue allows remote attackers to hijack the administrator’s authentication for requests that change plugin settings via unspecified vectors. Root cause is...

CVSS 6.8 · AI score 7.4 · EPSS 0.0097
Exploits 0 · References 2 · Affected Software 1