Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress upload file plugin vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2015-9341
The wp-file-upload plugin prior to 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.
Iptanus Wordpress File Upload
445
VMScore
CVE-2015-9339
The wp-file-upload plugin prior to 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
Iptanus Wordpress File Upload
445
VMScore
CVE-2015-9340
The wp-file-upload plugin prior to 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.
Iptanus Wordpress File Upload
670
VMScore
CVE-2020-10564
An issue exists in the File Upload plugin prior to 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call.
Iptanus Wordpress File Upload
7 Github repositories
760
VMScore
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) prior to 1.0.0 for WordPress and prior to 2.0.1 for Joomla!, allows remot...
Creative-solutions Creative Contact Form
Jquery File Upload Project Jquery File Upload 6.4.4
2 EDB exploits
1 Github repository
NA
CVE-2023-2684
The File Renaming on Upload WordPress plugin prior to 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
Wpfactory File Renaming On Upload
668
VMScore
CVE-2020-12800
The drag-and-drop-multiple-file-upload-contact-form-7 plugin prior to 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
2 Github repositories
755
VMScore
CVE-2012-1205
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin prior to 0.20 for WordPress allows remote malicious users to execute arbitrary PHP code via a URL in the abspath parameter.
Alanft Relocate-upload 0.11
Alanft Relocate-upload 0.10
Alanft Relocate-upload
1 EDB exploit
NA
CVE-2023-1282
The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin prior to 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin prior to 5.0.6.4 do not sanitise and escape a parameter before outpu...
Codedropz Drag And Drop Multiple File Upload - Contact Form 7
NA
CVE-2022-3126
The Frontend File Manager Plugin WordPress plugin prior to 21.4 does not have CSRF check when uploading files, which could allow malicious users to make logged in users upload files on their behalf
Najeebmedia Frontend File Manager Plugin
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »