WordPress File Upload < 3.0.0 – Multiple Vulnerabilities | CVE 2015-9340

Description

The plugin allows upload of file extensions that may lead to code execution, such as php4 or php5.

Additionally, it allows an admin user to rename files and thus change the extension of uploaded files, leading to code execution. There is no CSRF protection for this.

The plugin also allows for the download of arbitrary files by an admin.

There are also a couple of XSS vulnerabilities.

Affects Plugins

wp-file-upload

Fixed in 3.0.0

References

CVE

CVE-2015-9340

URL

https://web.archive.org/web/20160803235621/https://software-talk.org/blog/2015/07/code-execution-csrf-xss-vulnerability-wordpress-file-upload-plugin/

Miscellaneous

Submitter

Tim Coen

Verified

WPVDB ID

b4e1b114-ae7e-469c-9a25-528e48370c81

Timeline

Publicly Published

2015-07-02 (about 10 years ago)

Added

2015-07-03 (about 10 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2014-08-01

Title

IWantOneButton 3.0.1 - Multiple Vulnerabilities

Published

2020-03-17

Title

Custom Post Type UI < 1.7.4 - CSRF to Stored XSS

Published

2019-07-23

Title

WPS Limit Login <= 1.4.5 - Multiple Issues

Published

2019-04-05

Title

Form Maker by 10Web < 1.13.5 - Cross-Site Request Forgery (CSRF) to LFI

Published

2014-08-01

Title

Let Them Unsubscribe 1.0 - let-them-unsubscribe.php Multiple Unspecified Issues