WordPress Plugin Vulnerabilities

Woopra < 1.4.3.2 - Unauthenticated Arbitrary File Upload

Description

The plugin contains a file which could allow unauthenticated attackers to upload arbitrary files to the web server, leading to RCE

Affects Plugins

Plugin icon
woopra
Fixed in 1.4.3.2

References

URL
https://packetstormsecurity.com/files/#123525/
URL
https://plugins.trac.wordpress.org/changeset/186046/woopra
URL
https://github.com/espreto/wpsploit/blob/master/modules/exploits/unix/webapp/wp_woopra_analytics_file_upload.rb

Miscellaneous

Original Researcher
wantexz
Verified
Yes
WPVDB ID
02f35b67-f653-4824-960b-12b7e16b5791

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2022-01-06 (about 4 years ago)

Other

Published
Title
Published
2012-07-07
Title
Front End Editor < 2.3 - Arbitrary File Upload
Published
2021-03-26
Title
WP-Curricul Vitea Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE
Published
2025-07-17
Title
MasterStudy LMS – Online Courses, eLearning PRO Plus < 4.7.10 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2015-07-12
Title
WP Front-End Repository Manager <= 1.1 - Arbitrary File Upload
Published
2025-03-11
Title
ThemeEgg ToolKit <= 1.2.9 - Authenticated (Administrator+) Arbitrary File Upload