WordPress plugin WordPress File Upload 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1667

Name of the Vulnerable Software and Affected Versions WordPress File Upload plugin versions up to, and including, 4.24.15 Description The WordPress File Upload plugin is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion due to the lack of proper sanitization of...

PT-2024-17720 · WordPress · Wordpress File Upload

Name of the Vulnerable Software and Affected Versions: WordPress File Upload plugin versions up to, and including, 4.24.15 Description: The WordPress File Upload plugin is vulnerable to unauthorized access of data due to a missing capability check on the wfu ajax action read subfolders function...

CVE-2024-39639 WordPress File Upload plugin <= 4.24.7 - Broken Access Control + CSRF vulnerability

Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress File Upload: from n/a through 4.24.7...

CVE-2024-39639

CVE-2024-39639 affects WordPress File Upload plugin (≤4.24.7). Root cause is Broken Access Control, with Patchstack noting CSRF involvement. Impact is reported as low to medium (CVSS 3.5–4.3 range); patched in version 4.24.8. No exploitation status provided in the sources; monitor for updates fro...

WordPress plugin WordPress File Upload 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WordPress File Upload plugin <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php vulnerability

Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfufiledownloader.php vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WordPress File Upload versions = 4.24.11...

WordPress WordPress File Upload Plugin <= 4.24.11 is vulnerable to Path Traversal

Software WordPress File Upload Type Plugin Vulnerable versions = 4.24.11 Fixed in 4.24.12 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-9047 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5fa6436aa19c Credits Arkadiusz Hydzik Required...

CVE-2024-9047

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...

WordPress plugin WordPress File Upload 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

PT-2024-39388 · WordPress · Wordpress File Upload

Name of the Vulnerable Software and Affected Versions: WordPress File Upload plugin versions up to, and including, 4.24.11 Description: The WordPress File Upload plugin is vulnerable to Path Traversal via the wfu file downloader.php file. This allows unauthenticated attackers to read or delete...

WordPress WordPress File Upload plugin <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin WordPress File Upload versions = 4.24.8...

WordPress WordPress File Upload Plugin <= 4.24.8 is vulnerable to Cross Site Scripting (XSS)

Software WordPress File Upload Type Plugin Vulnerable versions = 4.24.8 Fixed in 4.24.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7301 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID a1f4d9ddbee7 Credits wesley wcraft...

WordPress plugin WordPress File Upload 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WordPress File Upload Plugin < 4.24.8 is vulnerable to Cross Site Scripting (XSS)

Software WordPress File Upload Type Plugin Vulnerable versions 4.24.8 Fixed in 4.24.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6494 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 71728d9c7064 Credits Majdeddine B...

WordPress plugin WordPress File Upload 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WordPress File Upload plugin < 4.24.8 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Đức Tài in WordPress Plugin WordPress File Upload versions 4.24.8...

CVE-2024-6651

The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress WordPress File Upload Plugin < 4.24.8 is vulnerable to Cross Site Scripting (XSS)

Software WordPress File Upload Type Plugin Vulnerable versions 4.24.8 Fixed in 4.24.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6651 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f705fe24e0ac Credits Đức Tài...

CVE-2024-5852

The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 via the 'uploadpath' parameter of the wordpressfileupload shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to...