WordPress File Upload
nickboss
Developer
5.1.5
Latest version
10,000
Installations
9 hours ago
Last updated
Vulnerability history
0 present
20 fixed
9 Mitigation rules
- Cross-Site Request Forgery in wfu_file_details vulnerability<= 4.25.2Feb 24, 2025
- Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion vulnerability<= 4.24.15Jan 7, 2025
- Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php vulnerability<= 4.24.13Jan 7, 2025
- Unuathenticated Remote Code Execution vulnerability<= 4.24.12Jan 7, 2025
- Missing Authorization to Authenticated (Subscriber+) Limited Path Traversal vulnerability<= 4.24.15Jan 7, 2025
- Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php vulnerability<= 4.24.11Oct 14, 2024
- Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability<= 4.24.8Aug 16, 2024
- Unauthenticated Stored XSS vulnerability< 4.24.8Aug 7, 2024
- Reflected XSS vulnerability< 4.24.8Aug 6, 2024
- Broken Access Control + CSRF vulnerability<= 4.24.7Aug 1, 2024
- Authenticated (Contributor+) Directory Traversal vulnerability<= 4.24.7Jul 16, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 4.24.5Apr 1, 2024
- Authenticated(Administrator+) Stored Cross-Site Scripting vulnerability< 4.23.3Sep 14, 2023
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 4.16.3May 16, 2022
- Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE)<= 4.16.2Mar 1, 2022
- Stored Cross-Site Scripting (XSS) via Malicious SVG vulnerability<= 4.16.2Feb 14, 2022
- Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability<= 4.16.2Feb 14, 2022
- Directory Traversal vulnerability leading to Remote Code Execution (RCE)<= 4.12.2Mar 13, 2020
- Cross-Site Scripting (XSS) vulnerability<= 4.3.3Apr 9, 2018
- Cross-Site Scripting via Shortcodes<= 4.3.2Apr 3, 2018