PT-2019-7299 · WordPress · Wp-File-Upload

Published

2019-08-22

Updated

2019-08-29

CVE-2015-9340

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions wp-file-upload plugin versions prior to 3.0.0

Description The issue is related to insufficient restrictions on file uploads, specifically affecting php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.

Recommendations For versions prior to 3.0.0, update to version 3.0.0 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary file types until the update is applied.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2015-9340

Affected Products

Wp-File-Upload

PT-2019-7299 · WordPress · Wp-File-Upload

CVE-2015-9340

Weakness Enumeration

Related Identifiers

Affected Products

References · 3