WordPress Plugin Vulnerabilities

Flash Uploader <= 3.1.2 - Arbitrary Comm& Execution

Description

The WordPress Flash Uploader WordPress plugin was affected by an Arbitrary Comm& Execution security vulnerability.

Affects Plugins

Plugin icon
wordpress-flash-uploader
Fixed in 3.1.3

References

CVE
CVE-2014-5014
URL
https://g0blin.co.uk/cve-2014-5014/

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
9.8 (critical)

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
e7df8bb2-e3fb-4da2-9d3a-82fa183ab237

Timeline

Publicly Published
2014-09-22 (about 11 years ago)
Added
2014-09-22 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-07-16
Title
Alone <= 7.8.3 - Unauthenticated Remote Code Execution
Published
2014-06-20
Title
Disqus <= 2.75 - Remote Code Execution (RCE)
Published
2022-04-12
Title
Multiple Plugins from Cool Plugins - Subscriber+ Arbitrary Plugin Installation & Activation
Published
2025-11-10
Title
Elastic Theme Editor <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2024-11-08
Title
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.13.1 - Unauthenticated Arbitrary Shortcode Execution