WordPress File Upload <= 2.7.6 - Multiple Vulnerabilities

Description
The plugin allows the upload of files whose extensions may be executed as PHP by the web server, such as php4 or php5, which can lead to code execution.

Additionally, it allows an admin user to rename files and thus change the extension of already uploaded files, again leading to code execution. There is no CSRF protection for this rename action.

The plugin also allows for the download of arbitrary files by an admin.

There are also a couple of XSS vulnerabilities.
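The three issues above (an incomplete extension check at upload time, a rename action that lets the extension change afterwards without a CSRF token, and a download action that does not confine paths) share one defensive pattern. The following is an added example written for this entry; it is not code from the File Upload plugin, and every function name here (`example_has_safe_extension`, `example_rename_allowed`, `example_csrf_token_valid`, `example_path_within`) and the allowlist contents are assumptions chosen for illustration. It uses a strict allowlist rather than a deny-list, checks every dotted segment of the name, applies the same check on rename as on upload, and confines downloads to a base directory.

```php
<?php
// Added example (not the plugin's code). Demonstrates allowlist-based
// extension validation for uploads and renames, a CSRF token check for
// state-changing actions, and path confinement for downloads.

// Hypothetical allowlist; a real deployment sets this per site.
const EXAMPLE_ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * True only if every dotted segment after the first is on the allowlist.
 * Every segment is checked, not just the last one, because some server
 * configurations map a name such as "x.php.jpg" to the PHP handler.
 * A deny-list of "php" would still miss php4/php5/phtml/phar, which is
 * exactly the class of bug described above; an allowlist avoids that.
 */
function example_has_safe_extension(string $filename, array $allowed = EXAMPLE_ALLOWED_EXTENSIONS): bool
{
    $parts = explode('.', basename($filename));
    if (count($parts) < 2 || $parts[0] === '') {
        return false; // no extension at all, or a dotfile such as ".htaccess"
    }
    $allowed = array_map('strtolower', $allowed);
    foreach (array_slice($parts, 1) as $segment) {
        if (!in_array(strtolower($segment), $allowed, true)) {
            return false;
        }
    }
    return true;
}

/**
 * Rename policy: the target name must pass the same allowlist check as an
 * upload, so renaming "photo.jpg" to "photo.php5" is refused.
 */
function example_rename_allowed(string $from, string $to): bool
{
    return example_has_safe_extension($from) && example_has_safe_extension($to);
}

/**
 * CSRF check for state-changing actions (rename, delete). $expected is the
 * per-session token issued when the form was rendered; hash_equals avoids
 * timing leaks. In WordPress this role is played by wp_verify_nonce().
 */
function example_csrf_token_valid(?string $submitted, string $expected): bool
{
    return is_string($submitted) && hash_equals($expected, $submitted);
}

/**
 * Download confinement: resolve the requested name under $baseDir and return
 * the real path only if it stays inside $baseDir; otherwise return null.
 * realpath() collapses ".." and symlinks, so the comparison is on the
 * resolved path rather than on the user-supplied string.
 */
function example_path_within(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $target === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed sample inputs for the extension check.
$samples = ['report.pdf', 'shell.php5', 'shell.PHP4', 'image.php.jpg', '.htaccess', 'photo.jpeg'];
foreach ($samples as $name) {
    printf("%-15s %s\n", $name, example_has_safe_extension($name) ? 'accept' : 'reject');
}
printf("rename photo.jpg -> photo.php5: %s\n",
    example_rename_allowed('photo.jpg', 'photo.php5') ? 'allowed' : 'refused');

// Constructed CSRF token pair: the session token and a submitted value.
$sessionToken = bin2hex(random_bytes(16));
printf("csrf matching token: %s\n", example_csrf_token_valid($sessionToken, $sessionToken) ? 'valid' : 'invalid');
printf("csrf missing token:  %s\n", example_csrf_token_valid(null, $sessionToken) ? 'valid' : 'invalid');

// Constructed download check: a temp file inside the base directory is
// reachable, a name that climbs out of it is not.
$baseDir = sys_get_temp_dir();
$tmp = tempnam($baseDir, 'dl');
printf("download %s: %s\n", basename($tmp), example_path_within($baseDir, basename($tmp)) ? 'served' : 'refused');
printf("download ../outside.txt: %s\n", example_path_within($baseDir, '..' . DIRECTORY_SEPARATOR . 'outside.txt') ? 'served' : 'refused');
unlink($tmp);
```

The allowlist check is deliberately the single point of truth for both upload and rename: a plugin that validates only at upload time, as described above, leaves the rename path as a second way to obtain a server-executable extension. The CSRF token check belongs in front of every state-changing handler, and the path-confinement helper replaces any direct use of a user-supplied filename in a download handler.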

Affects Plugin

Fixed in version 3.0.0

References

CVE 2015-9340
URL https://web.archive.org/web/20160803235621/https://software-talk.org/blog/2015/07/code-execution-csrf-xss-vulnerability-wordpress-file-upload-plugin/

Classification

Type MULTI

Miscellaneous

Submitter Tim Coen
Views 4499
Verified No
WPVDB ID 8070

Timeline

Publicly Published 2015-07-02 (about 5 years ago)
Added 2015-07-03 (about 5 years ago)
Last Updated 2019-11-28 (8 months ago)
