8 matches found
CVE-2023-2688
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfunewpath. This allows administrator-level attackers to move files uploaded with the plugin located in...
CVE-2023-2688 WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfunewpath. This allows administrator-level attackers to move files uploaded with the plugin located in...
CVE-2023-2767
CVE-2023-2767 affects the WordPress File Upload and WordPress File Upload Pro plugins for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping in admin/settings paths, exploitable by authenticated attackers with adm...
PT-2023-21293 · WordPress +1 · Wordpress +2
Name of the Vulnerable Software and Affected Versions: WordPress File Upload and WordPress File Upload Pro plugins for WordPress versions up to, and including, 4.19.1. Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and...
CVE-2023-1282
The CVE-2023-1282 entry affects the WordPress plugins “Drag and Drop Multiple File Upload PRO – Contact Form 7 Standard” (before 2.11.1) and “Drag and Drop Multiple File Upload PRO – Contact Form 7 with Remote Storage Integrations” (before 5.0.6.4). Root cause: both plugins do not sanitize/escape...
PT-2023-16859 · WordPress · Drag/Drop Multiple File Upload Pro - Contact Form 7 Standard +1
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin versions prior to 2.11.1; Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin versions prior to 5.0.6.4...
CVE-2021-24961
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode arguments, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
WordPress File Upload Pro premium plugin <= 4.16.2 - Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability
Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability discovered by apple502j in WordPress File Upload Pro premium plugin versions <= 4.16.2. Solution: Update the WordPress File Upload Pro premium plugin to the latest available version (at least 4.16.3)...