Lucene search
K

21 matches found

NVD
NVD
added 2026/06/14 8:16 a.m.17 views

CVE-2025-15546

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.4CVSS0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/14 6:0 a.m.15 views

EUVD-2025-210137

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.3AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/14 6:0 a.m.40 views

CVE-2025-15546 Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

0.00159EPSS
Exploits0References1
CVE
CVE
added 2026/06/14 6:0 a.m.39 views

CVE-2025-15546

The CVE concerns the Iptanus File Upload WordPress plugin

5.4CVSS5.3AI score0.00159EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.26 views

PT-2026-49106

Name of the Vulnerable Software and Affected Versions Iptanus File Upload versions prior to 5.1.7 Description Improper file handling occurs when the duplicatepolicy setting is configured to "maintain both." A Time-of-Check to Time-of-Use TOCTOU race condition—a scenario where a system checks a...

5.4CVSS6AI score0.00159EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/01/18 5:37 a.m.180 views

Exploit for Code Injection in Iptanus Wordpress_File_Upload

No d...

9.8CVSS7AI score0.01474EPSS
Exploits1
Openbugbounty
Openbugbounty
added 2023/12/04 2:51 a.m.10 views

iptanus.com Improper Access Control vulnerability OBB-3801621

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
0day.today
0day.today
added 2018/04/11 12:0 a.m.46 views

WordPress File Upload Plugin 4.3.3 - Stored Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip Version: 4.3.3 Tested on: Windo...

6.6AI score0.03844EPSS
Exploits6
exploitpack
exploitpack
added 2018/04/10 12:0 a.m.49 views

WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting

WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting Exploit Title: WordPress Plugin WordPress File Upload 4.3.2 - Stored XSS Date: 31/03/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip...

3.5CVSS0.2AI score0.03244EPSS
Exploits5
CNVD
CNVD
added 2018/04/08 12:0 a.m.14 views

Iptanus WordPress File Upload Cross-Site Scripting Vulnerability

WordPress File Upload is a WordPress plugin that allows you to easily and securely upload files from any page to your WordPress site using shortcodes. A cross-site scripting vulnerability exists in the WordPress plugin Iptanus WordPress File Upload prior to version 4.3.4. The vulnerability arises...

6.1CVSS6.2AI score0.03844EPSS
Exploits6References1
NVD
NVD
added 2018/04/07 7:29 a.m.23 views

CVE-2018-9844

The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS...

6.1CVSS6.3AI score0.03844EPSS
Exploits6References3
Prion
Prion
added 2018/04/07 7:29 a.m.16 views

Cross site scripting

The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS...

4.3CVSS6.2AI score0.03844EPSS
Exploits6References3Affected Software1
OSV
OSV
added 2018/04/07 7:29 a.m.6 views

CVE-2018-9844

The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS...

6.1CVSS5.8AI score0.03844EPSS
Exploits6References3
CVE
CVE
added 2018/04/07 7:0 a.m.68 views

CVE-2018-9844

The CVE-2018-9844 affects the Iptanus WordPress File Upload plugin for WordPress (versions up to and including 4.3.3). The root cause is mishandling of the Settings attribute, which enables stored Cross-Site Scripting (XSS) in the admin panel (notably via the Edit_Settings functionality). Impact ...

6.1CVSS6.2AI score0.03844EPSS
Exploits6References3Affected Software1
Cvelist
Cvelist
added 2018/04/07 7:0 a.m.19 views

CVE-2018-9844

The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS...

6.3AI score0.03844EPSS
Exploits6References3
NVD
NVD
added 2018/04/01 11:29 p.m.26 views

CVE-2018-9172

The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...

5.4CVSS5.6AI score0.03244EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2018/04/01 11:29 p.m.6 views

CVE-2018-9172

The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...

5.4CVSS5.4AI score0.03244EPSS
Exploits5References6
OSV
OSV
added 2018/04/01 11:29 p.m.4 views

CVE-2018-9172

The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...

5.4CVSS5.8AI score0.03244EPSS
Exploits5References3
Prion
Prion
added 2018/04/01 11:29 p.m.16 views

Default credentials

The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...

3.5CVSS5.5AI score0.03244EPSS
Exploits5References3Affected Software1
CVE
CVE
added 2018/04/01 11:0 p.m.58 views

CVE-2018-9172

The CVE-2018-9172 entry describes a vulnerability in the Iptanus WordPress File Upload plugin for WordPress, affecting versions prior to 4.3.3. The root cause is mishandling of shortcode attributes, which is associated with the Shortcodes/Uploader Instances functionality and has been demonstrated...

5.4CVSS5.5AI score0.03244EPSS
Exploits5References3Affected Software1
Rows per page
Query Builder