Work The Flow File Upload < 2.4 - wp-admin/admin-ajax.php accept_file_types Parameter Manipulation File Upload Restriction Bypass

Sign up to our free email alerts service for instant vulnerability notifications!

Description
See https://github.com/wpscanteam/wpscan/issues/673#issuecomment-53972233

Affects

Plugin work-the-flow-file-upload
fixed in version 2.4

References

PACKETSTORM 126333
SECUNIA 58216
SECURITYFOCUS 67083

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Views 129
Verified Yes
WPVDB ID 7220

Timeline

Added 2014-08-01 (over 2 years ago)
Last Updated 2015-05-15 (over 1 year ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.