cvebase

Iptanus Wordpress File Upload vulnerabilities

25 known vulnerabilities affecting iptanus/wordpress_file_upload.

Total CVEs: 25
CISA KEV: 0
Public exploits: 4
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 6, MEDIUM 14, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2024-2847 | P4 | MEDIUM | CVSS 5.4 | fixed in 4.24.6 | 2024-04-09
CVE-2024-2847 [MEDIUM] CWE-79: The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inje
nvd
CVE-2023-2767 | P4 | MEDIUM | CVSS 5.5 | ≤ 4.19.1 | 2023-06-09
CVE-2023-2767 [MEDIUM] CWE-79: The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject
nvd
CVE-2024-12719 | P4 | MEDIUM | CVSS 4.3 | fixed in 4.25.0 | 2025-01-07
CVE-2024-12719 [MEDIUM] CWE-862: The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform limited path traversal to
nvd
CVE-2024-13494 | P4 | MEDIUM | CVSS 4.3 | fixed in 4.25.3 | 2025-02-25
CVE-2024-13494 [MEDIUM] CWE-352: The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for unauthenticated attackers to modify user data details associated with uploaded files via a forged
nvd
CVE-2024-39639 | P4 | LOW | CVSS 3.5 | fixed in 4.24.8 | 2024-11-01
CVE-2024-39639 [LOW] CWE-352: Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress File Upload: from n/a through 4.24.7.
nvd