WordPress File Upload

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   WordPress File Upload

Information

Software Type Plugin
Software Slug wp-file-upload (view on wordpress.org)
Software Status Active
Software Author nickboss
Software Website www.iptanus.com
Software Downloads 1,306,533
Software Active Installs 20,000
Software Record Last Updated October 20, 2024

Showing 1-20 of 25 Vulnerabilities

Submit a Vulnerability
WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php
9.8
CVE-2024-9047
Oct 11, 2024
Researcher: Arkadiusz Hydzik
WordPress File Upload <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
7.2
CVE-2024-7301
Aug 15, 2024
Researcher: wesley (wcraft)
WordPress File Upload <= 4.24.7 - Missing Authorization
5.4
CVE-2024-39639
Aug 1, 2024
Researcher: emad
WordPress File Upload <= 4.24.7 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2024-6494
Jul 16, 2024
Researcher: Majdeddine Ben Hadj Brahim
WordPress File Upload <= 4.24.7 - Reflected Cross-Site Scripting
6.1
CVE-2024-6651
Jul 16, 2024
Researcher: Đức Tài
WordPress File Upload <= 4.24.7 - Authenticated (Contributor+) Directory Traversal
4.3
CVE-2024-5852
Jul 15, 2024
Researcher: Colin Xu
WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2024-2847
Mar 29, 2024
Researcher: Krzysztof Zając
Wordpress File Upload 4.24.0 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Nov 14, 2023
Researchers:
Wordpress File Upload <= 4.23.2 - Authenticated(Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-4811
Sep 12, 2023
Researcher: FAIYAZ AHMAD
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal
4.9
CVE-2023-2688
May 23, 2023
Researcher: Marco Wotschka
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-2767
May 23, 2023
Researcher: Marco Wotschka
WordPress File Upload <= 4.16.3 - Cross-Site Scripting
5.4
CVE ID Unknown
May 15, 2022
Researchers:
WordPress File Upload / WordPress File Upload Pro <= 4.16.2 - Authenticated (Contributor+) Path Traversal
6.5
CVE-2021-24962
Mar 1, 2022
Researcher: apple502j
WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode
5.4
CVE-2021-24961
Feb 14, 2022
Researcher: apple502j
WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG
5.4
CVE-2021-24960
Feb 14, 2022
Researcher: apple502j
WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution
9.8
CVE-2020-10564
Mar 13, 2020
Researcher: riccardo krauter (p4w)
WordPress File Upload <= 4.3.3 - Stored Cross-Site Scripting
6.1
CVE-2018-9844
Apr 6, 2018
Researcher: ManhNho
WordPress File Upload <= 4.3.2 - Cross-Site Scripting via Shortcodes
4.1
CVE-2018-9172
Mar 31, 2018
Researcher: ManhNho
WordPress File Upload < 3.9.0 - Arbitrary File Upload
9.8
CVE ID Unknown
Jun 23, 2016
Researchers:
WordPress File Upload <= 3.4.0 - Arbitrary File Upload
9.8
CVE-2015-9341
Oct 29, 2015
Researchers:
Title Status CVE ID CVSS Researchers Date
WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php Patched CVE-2024-9047 9.8 Arkadiusz Hydzik October 11, 2024
WordPress File Upload <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload Patched CVE-2024-7301 7.2 wesley (wcraft) August 15, 2024
WordPress File Upload <= 4.24.7 - Missing Authorization Patched CVE-2024-39639 5.4 emad August 1, 2024
WordPress File Upload <= 4.24.7 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2024-6494 7.2 Majdeddine Ben Hadj Brahim July 16, 2024
WordPress File Upload <= 4.24.7 - Reflected Cross-Site Scripting Patched CVE-2024-6651 6.1 Đức Tài July 16, 2024
WordPress File Upload <= 4.24.7 - Authenticated (Contributor+) Directory Traversal Patched CVE-2024-5852 4.3 Colin Xu July 15, 2024
WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Patched CVE-2024-2847 6.4 Krzysztof Zając March 29, 2024
Wordpress File Upload 4.24.0 - Cross-Site Request Forgery Patched 4.3 November 14, 2023
Wordpress File Upload <= 4.23.2 - Authenticated(Administrator+) Stored Cross-Site Scripting Patched CVE-2023-4811 4.4 FAIYAZ AHMAD September 12, 2023
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal Patched CVE-2023-2688 4.9 Marco Wotschka May 23, 2023
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2023-2767 4.4 Marco Wotschka May 23, 2023
WordPress File Upload <= 4.16.3 - Cross-Site Scripting Patched 5.4 May 15, 2022
WordPress File Upload / WordPress File Upload Pro <= 4.16.2 - Authenticated (Contributor+) Path Traversal Patched CVE-2021-24962 6.5 apple502j March 1, 2022
WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode Patched CVE-2021-24961 5.4 apple502j February 14, 2022
WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG Patched CVE-2021-24960 5.4 apple502j February 14, 2022
WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution Patched CVE-2020-10564 9.8 riccardo krauter (p4w) March 13, 2020
WordPress File Upload <= 4.3.3 - Stored Cross-Site Scripting Patched CVE-2018-9844 6.1 ManhNho April 6, 2018
WordPress File Upload <= 4.3.2 - Cross-Site Scripting via Shortcodes Patched CVE-2018-9172 4.1 ManhNho March 31, 2018
WordPress File Upload < 3.9.0 - Arbitrary File Upload Patched 9.8 June 23, 2016
WordPress File Upload <= 3.4.0 - Arbitrary File Upload Patched CVE-2015-9341 9.8 October 29, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation