CVE-2015-9340

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

7.5HIGH

EPSS

0.3%

top 51.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Iptanus Wordpress File Upload

Timeline

PublishedAug 22

Latest updateMay 24

Description

The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDiptanus/wordpress_file_upload< 3.0.0

🔴Vulnerability Details

GHSA

GHSA-ccvp-hcv8-2jjx: The wp-file-upload plugin before 3↗2022-05-24

▶

CVEList

CVE-2015-9340: The wp-file-upload plugin before 3↗2019-08-22

▶