Search
Find a vulnerability
Search criteria
6 vulnerabilities found for WordPress File Upload Pro by Unknown
CVE-2023-2767 (GCVE-0-2023-2767)
Vulnerability from nvd – Published: 2023-06-09 05:33 – Updated: 2026-04-08 16:41
VLAI
Title
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Summary
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| nickboss | Iptanus File Upload |
Affected:
0 , ≤ 4.19.1
(semver)
|
|
| Unknown | WordPress File Upload Pro |
Affected:
0 , ≤ 4.19.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23334d94-e5b8-4c88-8765-02ad19e17248?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2915978%40wp-file-upload%2Ftrunk\u0026old=2909107%40wp-file-upload%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:29:41.431033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T19:43:26.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Iptanus File Upload",
"vendor": "nickboss",
"versions": [
{
"lessThanOrEqual": "4.19.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WordPress File Upload Pro",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "4.19.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:41:53.627Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23334d94-e5b8-4c88-8765-02ad19e17248?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2915978%40wp-file-upload%2Ftrunk\u0026old=2909107%40wp-file-upload%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-17T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-05-23T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WordPress File Upload / WordPress File Upload Pro \u003c= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-2767",
"datePublished": "2023-06-09T05:33:13.295Z",
"dateReserved": "2023-05-17T16:34:10.953Z",
"dateUpdated": "2026-04-08T16:41:53.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-2688 (GCVE-0-2023-2688)
Vulnerability from nvd – Published: 2023-06-09 05:33 – Updated: 2026-04-08 17:14
VLAI
Title
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal
Summary
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| nickboss | Iptanus File Upload |
Affected:
0 , ≤ 4.19.1
(semver)
|
|
| Unknown | WordPress File Upload Pro |
Affected:
0 , ≤ 4.19.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abd6eeac-0a7e-4762-809f-593cd85f303d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2915978%40wp-file-upload%2Ftrunk\u0026old=2909107%40wp-file-upload%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T23:24:41.882505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:38:17.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Iptanus File Upload",
"vendor": "nickboss",
"versions": [
{
"lessThanOrEqual": "4.19.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WordPress File Upload Pro",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "4.19.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:14:43.362Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abd6eeac-0a7e-4762-809f-593cd85f303d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2915978%40wp-file-upload%2Ftrunk\u0026old=2909107%40wp-file-upload%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-12T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-05-23T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WordPress File Upload / WordPress File Upload Pro \u003c= 4.19.1 - Authenticated (Administrator+) Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-2688",
"datePublished": "2023-06-09T05:33:26.513Z",
"dateReserved": "2023-05-12T20:07:48.332Z",
"dateUpdated": "2026-04-08T17:14:43.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-24962 (GCVE-0-2021-24962)
Vulnerability from nvd – Published: 2022-03-28 17:21 – Updated: 2024-08-03 19:49
VLAI
Title
WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE
Summary
The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution.
Severity
No CVSS data available.
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2677722 | x_refsource_CONFIRM |
| https://wpscan.com/vulnerability/7a95b3f2-285e-40… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WordPress File Upload |
Affected:
4.16.3 , < 4.16.3
(custom)
|
|
| Unknown | WordPress File Upload Pro |
Affected:
4.16.3 , < 4.16.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2677722"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WordPress File Upload",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.16.3",
"status": "affected",
"version": "4.16.3",
"versionType": "custom"
}
]
},
{
"product": "WordPress File Upload Pro",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.16.3",
"status": "affected",
"version": "4.16.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T17:21:01.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2677722"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress File Upload \u003c 4.16.3 - Contributor+ Path Traversal to RCE",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24962",
"STATE": "PUBLIC",
"TITLE": "WordPress File Upload \u003c 4.16.3 - Contributor+ Path Traversal to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WordPress File Upload",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.16.3",
"version_value": "4.16.3"
}
]
}
},
{
"product_name": "WordPress File Upload Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.16.3",
"version_value": "4.16.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset/2677722",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2677722"
},
{
"name": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24962",
"datePublished": "2022-03-28T17:21:01.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:14.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2688 (GCVE-0-2023-2688)
Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2026-04-08 17:14
VLAI
Title
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal
Summary
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| nickboss | Iptanus File Upload |
Affected:
0 , ≤ 4.19.1
(semver)
|
|
| Unknown | WordPress File Upload Pro |
Affected:
0 , ≤ 4.19.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abd6eeac-0a7e-4762-809f-593cd85f303d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2915978%40wp-file-upload%2Ftrunk\u0026old=2909107%40wp-file-upload%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T23:24:41.882505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:38:17.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Iptanus File Upload",
"vendor": "nickboss",
"versions": [
{
"lessThanOrEqual": "4.19.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WordPress File Upload Pro",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "4.19.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:14:43.362Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abd6eeac-0a7e-4762-809f-593cd85f303d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2915978%40wp-file-upload%2Ftrunk\u0026old=2909107%40wp-file-upload%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-12T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-05-23T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WordPress File Upload / WordPress File Upload Pro \u003c= 4.19.1 - Authenticated (Administrator+) Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-2688",
"datePublished": "2023-06-09T05:33:26.513Z",
"dateReserved": "2023-05-12T20:07:48.332Z",
"dateUpdated": "2026-04-08T17:14:43.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-2767 (GCVE-0-2023-2767)
Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2026-04-08 16:41
VLAI
Title
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Summary
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| nickboss | Iptanus File Upload |
Affected:
0 , ≤ 4.19.1
(semver)
|
|
| Unknown | WordPress File Upload Pro |
Affected:
0 , ≤ 4.19.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23334d94-e5b8-4c88-8765-02ad19e17248?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2915978%40wp-file-upload%2Ftrunk\u0026old=2909107%40wp-file-upload%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:29:41.431033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T19:43:26.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Iptanus File Upload",
"vendor": "nickboss",
"versions": [
{
"lessThanOrEqual": "4.19.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WordPress File Upload Pro",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "4.19.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:41:53.627Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/23334d94-e5b8-4c88-8765-02ad19e17248?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2915978%40wp-file-upload%2Ftrunk\u0026old=2909107%40wp-file-upload%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-17T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-05-23T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WordPress File Upload / WordPress File Upload Pro \u003c= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-2767",
"datePublished": "2023-06-09T05:33:13.295Z",
"dateReserved": "2023-05-17T16:34:10.953Z",
"dateUpdated": "2026-04-08T16:41:53.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-24962 (GCVE-0-2021-24962)
Vulnerability from cvelistv5 – Published: 2022-03-28 17:21 – Updated: 2024-08-03 19:49
VLAI
Title
WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE
Summary
The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution.
Severity
No CVSS data available.
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2677722 | x_refsource_CONFIRM |
| https://wpscan.com/vulnerability/7a95b3f2-285e-40… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WordPress File Upload |
Affected:
4.16.3 , < 4.16.3
(custom)
|
|
| Unknown | WordPress File Upload Pro |
Affected:
4.16.3 , < 4.16.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2677722"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WordPress File Upload",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.16.3",
"status": "affected",
"version": "4.16.3",
"versionType": "custom"
}
]
},
{
"product": "WordPress File Upload Pro",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.16.3",
"status": "affected",
"version": "4.16.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T17:21:01.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2677722"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress File Upload \u003c 4.16.3 - Contributor+ Path Traversal to RCE",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24962",
"STATE": "PUBLIC",
"TITLE": "WordPress File Upload \u003c 4.16.3 - Contributor+ Path Traversal to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WordPress File Upload",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.16.3",
"version_value": "4.16.3"
}
]
}
},
{
"product_name": "WordPress File Upload Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.16.3",
"version_value": "4.16.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset/2677722",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2677722"
},
{
"name": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-41932c207623"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24962",
"datePublished": "2022-03-28T17:21:01.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:14.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}