Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

WordPress File Upload

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > WordPress File Upload

Information

Software Type	Plugin
Software Slug	wp-file-upload (view on wordpress.org)
Software Status	Removed
Software Author	nickboss
Software Website	www.iptanus.com
Software Downloads	1,381,352
Software Active Installs	20,000
Software Record Last Updated	April 8, 2025

Showing 21-30 of 30 Vulnerabilities

Submit a Vulnerability

WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution

9.8

CVE-2020-10564

Mar 13, 2020

Researcher: riccardo krauter (p4w)

WordPress File Upload <= 4.3.3 - Stored Cross-Site Scripting

6.1

CVE-2018-9844

Apr 6, 2018

Researcher: ManhNho

WordPress File Upload <= 4.3.2 - Cross-Site Scripting via Shortcodes

4.1

CVE-2018-9172

Mar 31, 2018

Researcher: ManhNho

WordPress File Upload < 3.9.0 - Arbitrary File Upload

9.8

CVE ID Unknown

Jun 23, 2016

Researchers:

WordPress File Upload <= 3.4.0 - Arbitrary File Upload

9.8

CVE-2015-9341

Oct 29, 2015

Researchers:

WordPress File Upload < 3.0.0 - Arbitrary File Upload

9.8

CVE-2015-9340

Jul 2, 2015

Researchers:

WordPress File Upload < 2.7.1 - Arbitrary File Upload

8.2

CVE-2015-9339

May 9, 2015

Researchers:

WordPress File Upload <= 2.4.6 - Arbitrary File Upload

9.8

CVE-2015-9338

Jan 23, 2015

Researchers:

WordPress File Upload <= 2.4.3 - Reflected Cross-Site Scripting

6.1

CVE-2014-125110

Aug 20, 2014

Researchers:

WordPress File Upload < 2.4.2 - Cross-Site Request Forgery

6.3

CVE-2014-5199

Aug 8, 2014

Researchers:

Title	Status	CVE ID	CVSS	Researchers	Date
WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution	Patched	CVE-2020-10564	9.8	riccardo krauter (p4w)	March 13, 2020
WordPress File Upload <= 4.3.3 - Stored Cross-Site Scripting	Patched	CVE-2018-9844	6.1	ManhNho	April 6, 2018
WordPress File Upload <= 4.3.2 - Cross-Site Scripting via Shortcodes	Patched	CVE-2018-9172	4.1	ManhNho	March 31, 2018
WordPress File Upload < 3.9.0 - Arbitrary File Upload	Patched		9.8		June 23, 2016
WordPress File Upload <= 3.4.0 - Arbitrary File Upload	Patched	CVE-2015-9341	9.8		October 29, 2015
WordPress File Upload < 3.0.0 - Arbitrary File Upload	Patched	CVE-2015-9340	9.8		July 2, 2015
WordPress File Upload < 2.7.1 - Arbitrary File Upload	Patched	CVE-2015-9339	8.2		May 9, 2015
WordPress File Upload <= 2.4.6 - Arbitrary File Upload	Patched	CVE-2015-9338	9.8		January 23, 2015
WordPress File Upload <= 2.4.3 - Reflected Cross-Site Scripting	Patched	CVE-2014-125110	6.1		August 20, 2014
WordPress File Upload < 2.4.2 - Cross-Site Request Forgery	Patched	CVE-2014-5199	6.3		August 8, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

WordPress File Upload

Information

Showing 21-30 of 30 Vulnerabilities

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting