WordPress File Upload

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   WordPress File Upload

Information

Software Type Plugin
Software Slug wp-file-upload (view on wordpress.org)
Software Status Active
Software Author nickboss
Software Website www.iptanus.com
Software Downloads 1,126,750
Software Active Installs 20,000
Software Record Last Updated September 30, 2023

16 vulnerabilities

Wordpress File Upload <= 4.23.2 - Authenticated(Administrator+) Stored Cross-Site Scripting
4.4
CVE ID Unknown
Sep 12, 2023
Researchers:
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-2767
May 23, 2023
Researcher: Marco Wotschka
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal
4.9
CVE-2023-2688
May 23, 2023
Researcher: Marco Wotschka
WordPress File Upload <= 4.16.3 - Cross-Site Scripting
5.4
CVE ID Unknown
May 15, 2022
Researchers:
WordPress File Upload / WordPress File Upload Pro <= 4.16.2 - Authenticated (Contributor+) Path Traversal
6.5
CVE-2021-24962
Mar 1, 2022
Researcher: apple502j
WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG
5.4
CVE-2021-24960
Feb 14, 2022
Researcher: apple502j
WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode
5.4
CVE-2021-24961
Feb 14, 2022
Researcher: apple502j
WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution
9.8
CVE-2020-10564
Mar 13, 2020
Researcher: riccardo krauter (p4w)
WordPress File Upload <= 4.3.3 - Stored Cross-Site Scripting
6.1
CVE-2018-9844
Apr 6, 2018
Researcher: ManhNho
WordPress File Upload <= 4.3.2 - Cross-Site Scripting via Shortcodes
4.1
CVE-2018-9172
Mar 31, 2018
Researcher: ManhNho
WordPress File Upload < 3.9.0 - Arbitrary File Upload
9.8
CVE ID Unknown
Jun 23, 2016
Researchers:
WordPress File Upload <= 3.4.0 - Arbitrary File Upload
9.8
CVE-2015-9341
Oct 29, 2015
Researchers:
WordPress File Upload < 3.0.0 - Arbitrary File Upload
9.8
CVE-2015-9340
Jul 2, 2015
Researchers:
WordPress File Upload < 2.7.1 - Arbitrary File Upload
8.2
CVE-2015-9339
May 9, 2015
Researchers:
WordPress File Upload <= 2.4.6 - Arbitrary File Upload
9.8
CVE-2015-9338
Jan 23, 2015
Researchers:
WordPress File Upload < 2.4.2 - Cross-Site Request Forgery
6.3
CVE-2014-5199
Aug 8, 2014
Researchers:
Title CVE ID CVSS Researchers Date
Wordpress File Upload <= 4.23.2 - Authenticated(Administrator+) Stored Cross-Site Scripting 4.4 September 12, 2023
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-2767 4.4 Marco Wotschka May 23, 2023
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal CVE-2023-2688 4.9 Marco Wotschka May 23, 2023
WordPress File Upload <= 4.16.3 - Cross-Site Scripting 5.4 May 15, 2022
WordPress File Upload / WordPress File Upload Pro <= 4.16.2 - Authenticated (Contributor+) Path Traversal CVE-2021-24962 6.5 apple502j March 1, 2022
WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG CVE-2021-24960 5.4 apple502j February 14, 2022
WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode CVE-2021-24961 5.4 apple502j February 14, 2022
WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution CVE-2020-10564 9.8 riccardo krauter (p4w) March 13, 2020
WordPress File Upload <= 4.3.3 - Stored Cross-Site Scripting CVE-2018-9844 6.1 ManhNho April 6, 2018
WordPress File Upload <= 4.3.2 - Cross-Site Scripting via Shortcodes CVE-2018-9172 4.1 ManhNho March 31, 2018
WordPress File Upload < 3.9.0 - Arbitrary File Upload 9.8 June 23, 2016
WordPress File Upload <= 3.4.0 - Arbitrary File Upload CVE-2015-9341 9.8 October 29, 2015
WordPress File Upload < 3.0.0 - Arbitrary File Upload CVE-2015-9340 9.8 July 2, 2015
WordPress File Upload < 2.7.1 - Arbitrary File Upload CVE-2015-9339 8.2 May 9, 2015
WordPress File Upload <= 2.4.6 - Arbitrary File Upload CVE-2015-9338 9.8 January 23, 2015
WordPress File Upload < 2.4.2 - Cross-Site Request Forgery CVE-2014-5199 6.3 August 8, 2014

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation