Arbitrary file upload in Steven Uploadify

CVE-2011-10041

Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in process_upload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affe…

Vulnerability class: Unrestricted File Upload

EPSS: 0.008 (52.0th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References