📦 Wordpress File Upload

This vulnerability allows unauthenticated attackers to execute arbitrary code on WordPress servers running the vulnerable File Upload plugin. All WordPress sites using this plugin up to version 4.24.1...

This vulnerability in the WordPress File Upload plugin allows unauthenticated attackers to execute arbitrary code, read sensitive files, and delete files on affected WordPress sites. All WordPress sit...

The WordPress File Upload plugin has a path traversal vulnerability in wfu_file_downloader.php that allows unauthenticated attackers to read or delete files outside intended directories. This affects ...

The WordPress File Upload plugin versions up to 4.24.8 contain a stored cross-site scripting vulnerability in SVG file uploads. Unauthenticated attackers can upload malicious SVG files containing Java...

This vulnerability in WordPress File Upload plugins allows users with Contributor role or higher to perform path traversal attacks via shortcode arguments. Attackers can upload PHP code disguised as i...

This CSRF vulnerability in WordPress File Upload plugin allows attackers to modify user data details for uploaded files by tricking administrators into clicking malicious links. All WordPress sites us...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress File Upload plugin that allows attackers to trick authenticated users into performing unauthorized file uploads or...

This vulnerability in the WordPress File Upload plugin allows attackers to inject malicious scripts via a reflected cross-site scripting (XSS) attack. When high-privilege users like administrators cli...

The WordPress File Upload plugin contains a directory traversal vulnerability that allows authenticated attackers with Contributor-level access or higher to upload limited files to arbitrary locations...