CVE-2020-10564

CWE-22 — Path Traversal3 documents3 sources

Severity

9.8CRITICAL

EPSS

31.7%

top 3.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Iptanus Wordpress File Upload

Timeline

PublishedMar 13

Latest updateMay 24

Description

An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDiptanus/wordpress_file_upload< 4.13.0

🔴Vulnerability Details

GHSA

GHSA-jv5x-hvg3-3pjm: An issue was discovered in the File Upload plugin before 4↗2022-05-24

▶

CVEList

CVE-2020-10564: An issue was discovered in the File Upload plugin before 4↗2020-03-13

▶