WordPress File Upload <= 3.4.0 - Unauthenticated Malicious File UploadSign up to our free email alerts service for instant vulnerability notifications!
The WordPress plugin wp-file-upload does not adequately check the filetype before allowing it to be uploaded. It also uploaded files with execute permissions, allowing malicious payloads to be uploaded.
|Proof of Concept||
fixed in version 3.4.1
|Publicly Published||2015-10-29 (about 2 years ago)|
|Added||2015-11-09 (about 2 years ago)|
|Last Updated||2015-11-09 (about 2 years ago)|
Copyright & License
|Copyright||All data and resources contained within this page and this web site is Copyright © The WPScan Team.|
|License||Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.|