Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iptanus wordpress file upload vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-24961
The WordPress File Upload WordPress plugin prior to 4.16.3, wordpress-file-upload-pro WordPress plugin prior to 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
Iptanus Wordpress File Upload
Iptanus Wordpress File Upload Pro
8.8
CVSSv3
CVE-2021-24962
The WordPress File Upload Free and Pro WordPress plugins prior to 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plu...
Iptanus Wordpress File Upload
Iptanus Wordpress File Upload Pro
5.4
CVSSv3
CVE-2021-24960
The WordPress File Upload WordPress plugin prior to 4.16.3, wordpress-file-upload-pro WordPress plugin prior to 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Si...
Iptanus Wordpress File Upload
Iptanus Wordpress File Upload Pro
5.5
CVSSv3
CVE-2023-2767
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authentic...
Iptanus Wordpress File Upload Pro
Iptanus Wordpress File Upload
4.9
CVSSv3
CVE-2023-2688
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level malicious users to move files uploaded with the plugin...
Iptanus Wordpress File Upload Pro
Iptanus Wordpress File Upload
7.5
CVSSv3
CVE-2015-9338
The wp-file-upload plugin prior to 2.5.0 for WordPress has insufficient restrictions on upload of .php files.
Iptanus Wordpress File Upload
7.5
CVSSv3
CVE-2015-9340
The wp-file-upload plugin prior to 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.
Iptanus Wordpress File Upload
7.5
CVSSv3
CVE-2015-9341
The wp-file-upload plugin prior to 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.
Iptanus Wordpress File Upload
7.5
CVSSv3
CVE-2015-9339
The wp-file-upload plugin prior to 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
Iptanus Wordpress File Upload
5.4
CVSSv3
CVE-2023-4811
The WordPress File Upload WordPress plugin prior to 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.
Iptanus Wordpress File Upload
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »