CVE-2024-13494

Name of the Vulnerable Software and Affected Versions WordPress File Upload plugin versions up to 4.25.2

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the wfu file details function. This allows unauthenticated attackers to modify user data details associated with uploaded files by tricking a site administrator into performing an action, such as clicking on a link.

Recommendations For WordPress File Upload plugin versions up to 4.25.2, update to a version later than 4.25.2 to resolve the issue. As a temporary workaround, consider restricting access to the wfu file details function to minimize the risk of exploitation.