Iptanus Wordpress File Upload — known CVE vulnerabilities
Every CVE whose affected-product data names Iptanus Wordpress File Upload, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2024-11635 — CVSS 9.8 (critical): The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the…
CVE-2020-10564 — CVSS 9.8 (critical): An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by…
CVE-2024-11613 — CVSS 9.8 (critical): The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in…
CVE-2024-9047 — CVSS 9.8 (critical): The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via…
CVE-2021-24962 — CVSS 8.8 (high): The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path…
CVE-2015-9338 — CVSS 7.5 (high): The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.
CVE-2015-9339 — CVSS 7.5 (high): The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
CVE-2015-9340 — CVSS 7.5 (high): The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm…
CVE-2015-9341 — CVSS 7.5 (high): The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.
CVE-2024-9939 — CVSS 7.5 (high): The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via…
CVE-2024-7301 — CVSS 7.2 (high): The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and…
CVE-2024-2847 — CVSS 6.4 (medium): The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions…
CVE-2024-6651 — CVSS 6.1 (medium): The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page…
CVE-2024-6494 — CVSS 6.1 (medium): The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow…
CVE-2018-9844 — CVSS 6.1 (medium): The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
CVE-2021-24961 — CVSS 5.4 (medium): The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of…
CVE-2023-4811 — CVSS 5.4 (medium): The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high…
CVE-2021-24960 — CVSS 5.4 (medium): The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role…
CVE-2018-9172 — CVSS 5.4 (medium): The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.
CVE-2023-2688 — CVSS 4.9 (medium): The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and…
CVE-2023-2767 — CVSS 4.4 (medium): The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin…
CVE-2024-5852 — CVSS 4.3 (medium): The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 via the…
CVE-2024-13494 — CVSS 4.3 (medium): The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2…
CVE-2024-12719 — CVSS 4.3 (medium): The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the…