Product
iptanus wordpress file upload
26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-13494
CVE-2024-9939
CVE-2024-11635
CVE-2024-11613
CVE-2024-12719
CVE-2024-39639
CVE-2024-9047
CVE-2024-7301
CVE-2024-6494
CVE-2024-6651
CVE-2024-5852
CVE-2024-2847
CVE-2023-4811
CVE-2023-2767
CVE-2023-2688
CVE-2021-24962
CVE-2021-24961
CVE-2021-24960
CVE-2020-10564
CVE-2015-9340
CVE-2015-9339
CVE-2015-9338
CVE-2015-9341
CVE-2018-9844
CVE-2018-9172
CVE-2014-5199
< 4.25.3
The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4
< 4.24.14
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via w
< 4.24.15
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.1
< 4.25.0
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Del
< 4.25.0
The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on t
< 4.24.8
Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Con
< 4.24.12
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via w
< 4.24.9
The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions u
< 4.24.8
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could all
< 4.24.8
The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the
< 4.24.8
The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 v
< 4.24.6
The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all v
< 4.23.3
The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high
<= 4.19.1
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via ad
<= 4.19.1
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to,
< 4.16.3
The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform pa
< 4.16.3
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape
< 4.16.3
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users wi
< 4.13.0
An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execu
< 3.0.0
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, ph
< 2.7.1
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
< 2.5.0
The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.
< 3.4.1
The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.
< 4.3.4
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
< 4.3.3
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.
<= 2.4.1
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress al