11 matches found
CVE-2026-1756
The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WP_FOFT_Loader_Mimes::file_and_ext' function in all versions up to, and including, 2.1.39. This makes it possible for authenticated attackers, with Author-level access and abov...
WordPress WP FOFT Loader plugin <= 2.1.39 - Authenticated (Author+) Arbitrary File Upload vulnerability
Authenticated (Author+) Arbitrary File Upload vulnerability discovered by Williwollo CybrX in WordPress Plugin WP FOFT Loader versions <= 2.1.39...
CVE-2026-1756
The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WP_FOFT_Loader_Mimes::file_and_ext' function in all versions up to, and including, 2.1.39. This makes it possible for authenticated attackers, with Author-level access and abov...
EUVD-2026-5387
The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WP_FOFT_Loader_Mimes::file_and_ext' function in all versions up to, and including, 2.1.39. This makes it possible for authenticated attackers, with Author-level access and abov...
CVE-2026-1756
The CVE-2026-1756 entry concerns the WordPress WP FOFT Loader plugin. Affected versions up to and including 2.1.39 allow arbitrary file uploads due to incorrect validation in WP_FOFT_Loader_Mimes::file_and_ext, enabling authenticated users with Author-level access or higher to upload arbitrary fi...
CVE-2026-1756 WP FOFT Loader <= 2.1.39 - Authenticated (Author+) Arbitrary File Upload
The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WP_FOFT_Loader_Mimes::file_and_ext' function in all versions up to, and including, 2.1.39. This makes it possible for authenticated attackers, with Author-level access and abov...
WordPress plugin WP FOFT Loader code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-6057
Name of the Vulnerable Software and Affected Versions: WP FOFT Loader plugin for WordPress versions through 2.1.39. Description: The WP FOFT Loader plugin for WordPress is susceptible to arbitrary file uploads because of inadequate file type validation within the WP_FOFT_Loader_Mimes::file_and_ext...
WordPress WP FOFT Loader Plugin < 2.1.29 is vulnerable to Cross Site Scripting (XSS)
Software: WP FOFT Loader; Type: Plugin; Vulnerable versions: < 2.1.29; Fixed in: 2.1.29; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: ef74a92e3a5f; Credits: Rafie Muhammad Patchstack Require...
WordPress WP FOFT Loader plugin < 2.1.21 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP FOFT Loader plugin versions < 2.1.21. Solution: Update the WordPress WP FOFT Loader plugin to the latest available version (at least 2.1.21)...
WordPress WP FOFT Loader plugin < 2.1.21 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WP FOFT Loader plugin versions < 2.1.21. Solution: Update the WordPress WP FOFT Loader plugin to the latest available version (at least 2.1.21)...