WordPress File Upload
nickboss
Developer
5.1.7
Latest version
10,000
Installations
No date
Last updated
Vulnerability history
0 present
20 patched
9 Mitigation rules
- Cross-Site Request Forgery in wfu_file_details vulnerability<= 4.25.224/02/2025
- Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion vulnerability<= 4.24.1507/01/2025
- Unauthenticated Path Traversal to Arbitrary File Read in wfu_file_downloader.php vulnerability<= 4.24.1307/01/2025
- Unuathenticated Remote Code Execution vulnerability<= 4.24.1207/01/2025
- Missing Authorization to Authenticated (Subscriber+) Limited Path Traversal vulnerability<= 4.24.1507/01/2025
- Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php vulnerability<= 4.24.1114/10/2024
- Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability<= 4.24.816/08/2024
- Unauthenticated Stored XSS vulnerability< 4.24.807/08/2024
- Reflected XSS vulnerability< 4.24.806/08/2024
- Broken Access Control + CSRF vulnerability<= 4.24.701/08/2024
- Authenticated (Contributor+) Directory Traversal vulnerability<= 4.24.716/07/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 4.24.501/04/2024
- Authenticated(Administrator+) Stored Cross-Site Scripting vulnerability< 4.23.314/09/2023
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 4.16.316/05/2022
- Contributor+ Path Traversal vulnerability leading to Remote Code Execution (RCE)<= 4.16.201/03/2022
- Stored Cross-Site Scripting (XSS) via Malicious SVG vulnerability<= 4.16.214/02/2022
- Contributor+ Stored Cross-Site Scripting (XSS) via Shortcode vulnerability<= 4.16.214/02/2022
- Directory Traversal vulnerability leading to Remote Code Execution (RCE)<= 4.12.213/03/2020
- Cross-Site Scripting (XSS) vulnerability<= 4.3.309/04/2018
- Cross-Site Scripting via Shortcodes<= 4.3.203/04/2018