WordPress Plugin Vulnerabilities

Csv2WPeC Coupon <= 1.1 - Unauthenticated Remote File Upload

Description

The code in csv2wpecCoupon_FileUpload.php does not properly sanitize user input, it checks the file mime-type for type x-php but this can be tricked when using the short code for <?php as <? and a file extension of .pht. This allows a malicious user to upload executable files to a vulnerable WordPress installation.

Proof of Concept

Affects Plugins

Plugin icon
csv2wpec-coupon
No known fix

References

CVE
CVE-2015-1000013

Classification

Type
RFI
OWASP top 10
A1: Injection
CWE
CWE-98
CVSS
7.8 (high)

Miscellaneous

Submitter
Larry W. Cashdollar
Submitter twitter
_larry0
Verified
No
WPVDB ID
0d37baf3-0884-4e3c-9853-1f4c42a409a3

Timeline

Publicly Published
2015-09-14 (about 10 years ago)
Added
2015-09-16 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-02-04
Title
Unicamp < 2.7.2 - Authenticated (Contributor+) Local File Inclusion
Published
2023-10-31
Title
The Plus Addons for Elementor Pro < 5.2.9 - Unauthenticated Local File Inclusion
Published
2026-01-23
Title
Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute
Published
2024-07-11
Title
ExS Widgets < 0.3.2 - Authenticated (Contributor+) Local File Inclusion
Published
2025-09-22
Title
Soledad < 8.6.9 - Authenticated (Contributor+) Local File Inclusion