4 matches found
CVE-2026-1756
The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WPFOFTLoaderMimes::fileandext' function in all versions up to, and including, 2.1.39. This makes it possible for authenticated attackers, with Author-level access and abov...
CVE-2026-1756
The CVE-2026-1756 entry concerns the WordPress WP FOFT Loader plugin. Affected versions up to and including 2.1.39 allow arbitrary file uploads due to incorrect validation in WP_FOFT_Loader_Mimes::file_and_ext, enabling authenticated users with Author-level access or higher to upload arbitrary fi...
WordPress plugin WP FOFT Loader 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-6057
Name of the Vulnerable Software and Affected Versions WP FOFT Loader plugin for WordPress versions through 2.1.39 Description The WP FOFT Loader plugin for WordPress is susceptible to arbitrary file uploads because of inadequate file type validation within the WP FOFT Loader Mimes::file and ext...