21 matches found
CVE-2025-15546
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...
CVE-2025-15546 Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...
EUVD-2025-210137
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...
CVE-2025-15546
The CVE-2025-15546 entry concerns the Iptanus File Upload WordPress plugin (pre-5.1.7). A TOCTOU race condition between the file existence check and the actual write operation, when the duplicatepolicy is set to “maintain both,” allows an authenticated attacker to overwrite files uploaded by othe...
PT-2026-49106
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...
Exploit for Code Injection in Iptanus Wordpress_File_Upload
No d...
iptanus.com Improper Access Control vulnerability OBB-3801621
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress File Upload Plugin 4.3.3 - Stored Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip Version: 4.3.3 Tested on: Windo...
WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting
WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting Exploit Title: WordPress Plugin WordPress File Upload 4.3.2 - Stored XSS Date: 31/03/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip...
Iptanus WordPress File Upload Cross-Site Scripting Vulnerability
WordPress File Upload is a WordPress plugin that allows you to easily and securely upload files from any page to your WordPress site using shortcodes. A cross-site scripting vulnerability exists in the WordPress plugin Iptanus WordPress File Upload prior to version 4.3.4. The vulnerability arises...
CVE-2018-9844
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS...
Cross site scripting
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS...
CVE-2018-9844
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS...
CVE-2018-9844
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS...
CVE-2018-9844
The CVE-2018-9844 affects the Iptanus WordPress File Upload plugin for WordPress (versions up to and including 4.3.3). The root cause is mishandling of the Settings attribute, which enables stored Cross-Site Scripting (XSS) in the admin panel (notably via the Edit_Settings functionality). Impact ...
Default credentials
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...
CVE-2018-9172
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...
CVE-2018-9172
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...
CVE-2018-9172
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...
CVE-2018-9172
The CVE-2018-9172 entry describes a vulnerability in the Iptanus WordPress File Upload plugin for WordPress, affecting versions prior to 4.3.3. The root cause is mishandling of shortcode attributes, which is associated with the Shortcodes/Uploader Instances functionality and has been demonstrated...