The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level malicious users to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
iptanus wordpress file upload pro |
||
iptanus wordpress file upload |