Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress upload file plugin vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2015-9338
The wp-file-upload plugin prior to 2.5.0 for WordPress has insufficient restrictions on upload of .php files.
Iptanus Wordpress File Upload
7.5
CVSSv3
CVE-2015-9341
The wp-file-upload plugin prior to 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.
Iptanus Wordpress File Upload
7.5
CVSSv3
CVE-2015-9340
The wp-file-upload plugin prior to 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.
Iptanus Wordpress File Upload
9.8
CVSSv3
CVE-2020-10564
An issue exists in the File Upload plugin prior to 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call.
Iptanus Wordpress File Upload
7 Github repositories
9.8
CVSSv3
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) prior to 1.0.0 for WordPress and prior to 2.0.1 for Joomla!, allows remot...
Creative-solutions Creative Contact Form
Jquery File Upload Project Jquery File Upload 6.4.4
2 EDB exploits
1 Github repository
4.8
CVSSv3
CVE-2023-2684
The File Renaming on Upload WordPress plugin prior to 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
Wpfactory File Renaming On Upload
9.8
CVSSv3
CVE-2020-12800
The drag-and-drop-multiple-file-upload-contact-form-7 plugin prior to 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
2 Github repositories
NA
CVE-2012-1205
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin prior to 0.20 for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the abspath parameter.
Alanft Relocate-upload 0.11
Alanft Relocate-upload 0.10
Alanft Relocate-upload
1 EDB exploit
6.1
CVSSv3
CVE-2023-1282
The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin prior to 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin prior to 5.0.6.4 do not sanitise and escape a parameter before outpu...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
4.3
CVSSv3
CVE-2022-3126
The Frontend File Manager Plugin WordPress plugin prior to 21.4 does not have CSRF check when uploading files, which could allow malicious users to make logged in users upload files on their behalf
Najeebmedia Frontend File Manager Plugin
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »