PT-2025-34960 · WordPress · Wp Ulike Pro
Wesley · Published 2025-08-28 · Updated 2025-08-28
CVE-2024-9648
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
WP ULike Pro versions prior to 1.9.4
Description:
The WP ULike Pro plugin for WordPress is susceptible to arbitrary file uploads due to inadequate file type validation within the WP Ulike Pro File Uploader class. This allows unauthenticated attackers to upload arbitrary files, including .php2, .php6, .php7, .phps, .pht, .phtm, .pgif, .shtml, .phar, .inc, .hphp, .ctp, .module, .html, and .svg, to the server. Successful exploitation may enable further attacks, such as Cross-Site Scripting.
Recommendations:
Update WP ULike Pro to version 1.9.4 or later.
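Updating does not remove files that were uploaded before the fix, so a sweep of the upload tree for the file types named in the description is a useful follow-up. The script below is an added example, not part of the original advisory or the plugin; the function names and the upload directory (WordPress's default `wp-content/uploads`) are assumptions, since the advisory does not give the plugin's upload path.

```shell
#!/bin/sh
# Added example: triage sweep for the file types named in the advisory.
# Assumption: the directory passed in is the site's upload tree (WordPress
# default wp-content/uploads); the plugin's own upload path is not on the page.

# Extensions listed in the advisory description (without the dot).
ADVISORY_EXTS="php2 php6 php7 phps pht phtm pgif shtml phar inc hphp ctp module html svg"

# find_advisory_uploads DIR
# Prints each regular file under DIR whose final extension matches the list,
# case-insensitively (so "a.PhP7" is caught, "note.html.txt" is not).
find_advisory_uploads() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # Build the find expression: -iname '*.php2' -o -iname '*.php6' ...
    set --
    for ext in $ADVISORY_EXTS; do
        if [ $# -gt 0 ]; then set -- "$@" -o; fi
        set -- "$@" -iname "*.$ext"
    done
    find "$dir" -type f \( "$@" \) | sort
}

# flag_active_content
# Reads paths on stdin and prints those containing PHP open tags or <script>,
# which separates files needing review from ordinary .html/.svg assets.
flag_active_content() {
    while IFS= read -r path; do
        if grep -qiE '<\?php|<\?=|<script' "$path"; then
            printf '%s\n' "$path"
        fi
    done
}

# Stand-alone use: sh sweep.sh /var/www/html/wp-content/uploads (example path)
if [ -n "${1:-}" ]; then
    find_advisory_uploads "$1" | flag_active_content
fi
```

Extensions such as .html, .svg and .inc also occur in legitimate uploads, so treat the first function's output as a review list and the second as the higher-priority subset. `-iname` is supported by GNU and BSD `find`.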
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Wp Ulike Pro