WordPress File Upload 8

To plugin page Claim VDP

WordPress WordPress File Upload Plugin <= 4.16.2 is vulnerable to Directory Traversal

Patch immediately High priority

Not known to be exploited Report an attack

8.8

High severity CVSS 3.1 score

Patchstack automatically mitigates this vulnerability with a vPatch.

Enable Protection

Patchstack Professional users are protected since 09.12.2022

Enable Protection

Solution

Update to fix

vPatch available

Update the WordPress File Upload plugin to the latest available version (at least 4.16.3).

apple502j discovered and reported this Directory Traversal vulnerability in WordPress WordPress File Upload Plugin. This could allow a malicious actor to see all files in a given directory or determine if certain files/directories exist in given folder. This can be used to exploit other weaknesses in the system This vulnerability has been fixed in version 4.16.3.

Other vulnerabilities in this plugin

0 present

8 patched

View all