WordPress File Upload 4.24.11 Path Traversal / Remote Code Execution
A critical unauthenticated remote code execution vulnerability exists in the WordPress File Upload plugin versions 4.24.11 and earlier. The vulnerability allows attackers to execute arbitrary operating system commands through path traversal and improper input validation in the wfufiledownloader.p...
CVE-2024-39639
Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress File Upload: from n/a through 4.24.7...
EUVD-2024-53874
Malicious code in bioql PyPI...
EUVD-2024-38329
Malicious code in bioql PyPI...
PT-2025-34069 · Undefined · Undefined
🔥 Critical & High-Severity CVEs 1. CVE-2025-27461 - Ivanti Connect Secure / Policy Secure Auth Bypass → RCE Severity: Critical 9.8 Vector: Exploitable over the internet; bypasses auth → remote code execution. Why it matters: Actively exploited by ransomware crews; initial access vector. Defender...
VulnCheck KEV: CVE-2024-9047
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful...
CVE-2024-6494
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks...
CVE-2014-5199
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are...
CVE-2024-13494
The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for unauthenticated attackers to modify user data...
CVE-2024-13494 WordPress File Upload <= 4.25.2 - Cross-Site Request Forgery in wfu_file_details
The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for unauthenticated attackers to modify user data...
Exploit for Path Traversal in Iptanus Wordpress_File_Upload
CVE-2024-9047: Exploit for WordPress File Upload Plugin De...
PT-2025-3850 · WordPress · Wpbookit
Name of the Vulnerable Software and Affected Versions: WPBookit plugin for WordPress versions up to, and including, 1.6.9 Description: The issue is related to insufficient file type validation in the WPB Profile controller::handle image upload function, allowing unauthenticated attackers to uploa...
CVE-2024-9939
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory...
CVE-2024-9939 WordPress File Upload <= 4.24.13 - Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory...
CVE-2024-9939
CVE-2024-9939 (WordPress File Upload plugin) is a path traversal vulnerability that affects WordPress File Upload up to version 4.24.13 via wfu_file_downloader.php, enabling unauthenticated attackers to read files outside the intended directory. The issue is confirmed in connected Red Hat and Wor...
CVE-2024-11613
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and...
WordPress plugin WordPress File Upload path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
CVE-2024-12719
CVE-2024-12719 relates to the WordPress File Upload plugin for WordPress. A missing capability check in the wfu_ajax_action_read_subfolders function across all versions up to 4.24.15 allows authenticated users with Subscriber+ privileges to perform limited path traversal to view directories and s...
CVE-2024-12719 WordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Path Traversal
The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with Subscriber-level acce...