WordPress File Upload

Information

Software Type Plugin
Software Slug wp-file-upload (view on wordpress.org)
Software Status Active
Software Author nickboss
Software Website www.iptanus.com
Software Downloads 1,223,086
Software Active Installs 20,000
Software Record Last Updated April 14, 2024

18 Vulnerabilities

4.3
CVE ID Unknown
Nov 14, 2023
Researchers:
5.4
CVE ID Unknown
May 15, 2022
Researchers:
9.8
CVE ID Unknown
Jun 23, 2016
Researchers:
Title CVE ID CVSS Researchers Date
WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-2847 6.4 Krzysztof Zając March 29, 2024
Wordpress File Upload 4.24.0 - Cross-Site Request Forgery 4.3 November 14, 2023
Wordpress File Upload <= 4.23.2 - Authenticated(Administrator+) Stored Cross-Site Scripting CVE-2023-4811 4.4 FAIYAZ AHMAD September 12, 2023
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal CVE-2023-2688 4.9 Marco Wotschka May 23, 2023
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-2767 4.4 Marco Wotschka May 23, 2023
WordPress File Upload <= 4.16.3 - Cross-Site Scripting 5.4 May 15, 2022
WordPress File Upload / WordPress File Upload Pro <= 4.16.2 - Authenticated (Contributor+) Path Traversal CVE-2021-24962 6.5 apple502j March 1, 2022
WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode CVE-2021-24961 5.4 apple502j February 14, 2022
WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG CVE-2021-24960 5.4 apple502j February 14, 2022
WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution CVE-2020-10564 9.8 riccardo krauter (p4w) March 13, 2020
WordPress File Upload <= 4.3.3 - Stored Cross-Site Scripting CVE-2018-9844 6.1 ManhNho April 6, 2018
WordPress File Upload <= 4.3.2 - Cross-Site Scripting via Shortcodes CVE-2018-9172 4.1 ManhNho March 31, 2018
WordPress File Upload < 3.9.0 - Arbitrary File Upload 9.8 June 23, 2016
WordPress File Upload <= 3.4.0 - Arbitrary File Upload CVE-2015-9341 9.8 October 29, 2015
WordPress File Upload < 3.0.0 - Arbitrary File Upload CVE-2015-9340 9.8 July 2, 2015
WordPress File Upload < 2.7.1 - Arbitrary File Upload CVE-2015-9339 8.2 May 9, 2015
WordPress File Upload <= 2.4.6 - Arbitrary File Upload CVE-2015-9338 9.8 January 23, 2015
WordPress File Upload < 2.4.2 - Cross-Site Request Forgery CVE-2014-5199 6.3 August 8, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation