WordPress File Upload

Information

Software Type Plugin
Software Slug wp-file-upload (view on wordpress.org)
Software Status Active
Software Author nickboss
Software Website www.iptanus.com
Software Downloads 1,319,769
Software Active Installs 20,000
Software Record Last Updated November 21, 2024

Showing 1-20 of 25 Vulnerabilities

9.8
CVE ID Unknown
Jun 23, 2016
Researchers:
5.4
CVE ID Unknown
May 15, 2022
Researchers:
Title Status CVE ID CVSS Researchers Date
WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php Patched CVE-2024-9047 9.8 Arkadiusz Hydzik October 11, 2024
WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution Patched CVE-2020-10564 9.8 riccardo krauter (p4w) March 13, 2020
WordPress File Upload < 3.9.0 - Arbitrary File Upload Patched 9.8 June 23, 2016
WordPress File Upload <= 3.4.0 - Arbitrary File Upload Patched CVE-2015-9341 9.8 October 29, 2015
WordPress File Upload < 3.0.0 - Arbitrary File Upload Patched CVE-2015-9340 9.8 July 2, 2015
WordPress File Upload <= 2.4.6 - Arbitrary File Upload Patched CVE-2015-9338 9.8 January 23, 2015
WordPress File Upload < 2.7.1 - Arbitrary File Upload Patched CVE-2015-9339 8.2 May 9, 2015
WordPress File Upload <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload Patched CVE-2024-7301 7.2 wesley (wcraft) August 15, 2024
WordPress File Upload <= 4.24.7 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2024-6494 7.2 Majdeddine Ben Hadj Brahim July 16, 2024
WordPress File Upload / WordPress File Upload Pro <= 4.16.2 - Authenticated (Contributor+) Path Traversal Patched CVE-2021-24962 6.5 apple502j March 1, 2022
WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Patched CVE-2024-2847 6.4 Krzysztof Zając March 29, 2024
WordPress File Upload < 2.4.2 - Cross-Site Request Forgery Patched CVE-2014-5199 6.3 August 8, 2014
WordPress File Upload <= 4.24.7 - Reflected Cross-Site Scripting Patched CVE-2024-6651 6.1 Đức Tài July 16, 2024
WordPress File Upload <= 4.3.3 - Stored Cross-Site Scripting Patched CVE-2018-9844 6.1 ManhNho April 6, 2018
WordPress File Upload <= 2.4.3 - Reflected Cross-Site Scripting Patched CVE-2014-125110 6.1 August 20, 2014
WordPress File Upload <= 4.24.7 - Missing Authorization Patched CVE-2024-39639 5.4 emad August 1, 2024
WordPress File Upload <= 4.16.3 - Cross-Site Scripting Patched 5.4 May 15, 2022
WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode Patched CVE-2021-24961 5.4 apple502j February 14, 2022
WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG Patched CVE-2021-24960 5.4 apple502j February 14, 2022
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal Patched CVE-2023-2688 4.9 Marco Wotschka May 23, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation