Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbTim CoenWPVDB-ID:B4E1B114-AE7E-469C-9A25-528E48370C81
HistoryJul 02, 2015 - 12:00 a.m.

WordPress File Upload <= 2.7.6 - Multiple Vulnerabilities

2015-07-0200:00:00
Tim Coen
wpscan.com
10

0.001 Low

EPSS

Percentile

31.9%

JSON

The plugin allows upload of file extensions that may lead to code execution, such as php4 or php5. Additionally, it allows an admin user to rename files and thus change the extension of uploaded files, leading to code execution. There is no CSRF protection for this. The plugin also allows for the download of arbitrary files by an admin. There are also a couple of XSS vulnerabilities.

CPENameOperatorVersion
wp-file-uploadlt3.0.0

Related

prion 1
cvelist 1
cve 1
nvd 1
prion
prion
Design/Logic Flaw
2019-08-22 20:15:00
cvelist
cvelist
CVE-2015-9340
2019-08-22 19:01:24
cve
cve
CVE-2015-9340
2019-08-22 20:15:11
nvd
nvd
CVE-2015-9340
2019-08-22 20:15:11

0.001 Low

EPSS

Percentile

31.9%

JSON
Related for WPVDB-ID:B4E1B114-AE7E-469C-9A25-528E48370C81
prion1cvelist1cve1nvd1