PT-2026-6057 · WordPress · Wp Foft Loader

Williwollo

Publicado

2026-02-04

Atualizado

2026-02-09

CVE-2026-1756

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WP FOFT Loader plugin for WordPress versions through 2.1.39

Description The WP FOFT Loader plugin for WordPress is susceptible to arbitrary file uploads because of inadequate file type validation within the WP FOFT Loader Mimes::file and ext function. This allows authenticated attackers with Author-level access or higher to upload arbitrary files to the server, potentially leading to remote code execution.

Recommendations Update the WP FOFT Loader plugin to a version later than 2.1.39.

Correção

RCE

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2026-1756

Produtos afetados

Wp Foft Loader

PT-2026-6057 · WordPress · Wp Foft Loader

CVE-2026-1756

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7