Nickboss Iptanus File Upload
11 CVEs affecting Nickboss Iptanus File Upload. Latest disclosed: 2025-02-25. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-11635 | Critical | 9.8 | 2025-01-08 | The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cooki… |
CVE-2024-11613 | Critical | 9.8 | 2025-01-08 | The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to… |
CVE-2024-9047 | Critical | 9.8 | 2024-10-12 | The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This… |
CVE-2024-9939 | High | 7.5 | 2025-01-08 | The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This… |
CVE-2024-7301 | High | 7.2 | 2024-08-16 | The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 d… |
CVE-2024-2847 | Medium | 6.4 | 2024-04-09 | The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including… |
CVE-2023-2688 | Medium | 4.9 | 2023-06-09 | The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the… |
CVE-2023-2767 | Medium | 4.4 | 2023-06-09 | The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up t… |
CVE-2024-13494 | Medium | 4.3 | 2025-02-25 | The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing… |
CVE-2024-12719 | Medium | 4.3 | 2025-01-07 | The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subf… |
CVE-2024-5852 | Medium | 4.3 | 2024-07-16 | The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 via the 'uploadpath' parameter… |