8 matches found

NVD
added 2023/06/09 6:16 a.m. · 14 views

CVE-2023-2688

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfunewpath. This allows administrator-level attackers to move files uploaded with the plugin located in...

4.9 CVSS · 5.1 AI score · 0.01736 EPSS
Exploits 0 · References 2

Cvelist
added 2023/06/09 5:33 a.m. · 17 views

CVE-2023-2688 WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfunewpath. This allows administrator-level attackers to move files uploaded with the plugin located in...

4.9 CVSS · 5.5 AI score · 0.01736 EPSS
Exploits 0 · References 2

CVE
added 2023/06/09 5:33 a.m. · 43 views

CVE-2023-2767

CVE-2023-2767 affects the WordPress File Upload and WordPress File Upload Pro plugins for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping in admin/settings paths, exploitable by authenticated attackers with adm...

5.5 CVSS · 5.3 AI score · 0.00376 EPSS
Exploits 0 · References 2 · Affected Software 2

Positive Technologies
added 2023/06/09 12:0 a.m. · 6 views

PT-2023-21293 · WordPress +1 · Wordpress +2

Name of the Vulnerable Software and Affected Versions: WordPress File Upload and WordPress File Upload Pro plugins for WordPress versions up to, and including, 4.19.1.
Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and...

5.5 CVSS · 5.7 AI score · 0.00376 EPSS
Exploits 0 · References 5

CVE
added 2023/04/17 12:17 p.m. · 68 views

CVE-2023-1282

The CVE-2023-1282 entry affects the WordPress plugins “Drag and Drop Multiple File Upload PRO – Contact Form 7 Standard” (before 2.11.1) and “Drag and Drop Multiple File Upload PRO – Contact Form 7 with Remote Storage Integrations” (before 5.0.6.4). Root cause: both plugins do not sanitize/escape...

6.1 CVSS · 6.1 AI score · 0.00542 EPSS
Exploits 3 · References 2 · Affected Software 1

Positive Technologies
added 2023/04/17 12:0 a.m. · 6 views

PT-2023-16859 · WordPress · Drag/Drop Multiple File Upload Pro - Contact Form 7 Standard +1

Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin versions prior to 2.11.1; Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin versions prior to 5.0.6.4...

6.1 CVSS · 6 AI score · 0.00542 EPSS
Exploits 3 · References 7

OSV
added 2022/03/07 9:15 a.m. · 4 views

CVE-2021-24961

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

5.4 CVSS · 6.1 AI score · 0.0077 EPSS
Exploits 2 · References 2

Patchstack
added 2022/02/14 12:0 a.m. · 25 views

WordPress File Upload Pro premium plugin <= 4.16.2 - Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability

Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability discovered by apple502j in WordPress File Upload Pro premium plugin versions <= 4.16.2. Solution: Update the WordPress File Upload Pro premium plugin to the latest available version (at least 4.16.3)...

5.4 CVSS · 2.9 AI score · 0.0077 EPSS
Exploits 2 · References 3 · Affected Software 1