WordPress Plugin Vulnerabilities

Recip.ly < 1.1.8 - Unauthenticated File Upload

Description

A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely.

Affects Plugins

Plugin icon
reciply
Fixed in 1.1.8

References

CVE
CVE-2011-10004

Miscellaneous

Original Researcher
VulDB GitHub Commit Analyzer
Verified
No
WPVDB ID
f17ca227-810b-4eb2-a4cb-c67623bb71a5

Timeline

Publicly Published
2023-10-16 (about 2 years ago)
Added
2023-10-17 (about 2 years ago)
Last Updated
2023-10-17 (about 2 years ago)

Other

Published
Title
Published
2024-10-31
Title
GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
Published
2026-01-23
Title
Hustle < 7.8.9.3 - Subscriber+ Arbitrary File Upload via Module Import
Published
2014-08-01
Title
Deep-Blue 1.9.2 - Arbitrary File Upload
Published
2024-05-09
Title
LearnPress – WordPress LMS Plugin < 4.2.6.6 - Authenticated (Instructor+) Arbitrary File Upload
Published
2024-04-18
Title
Forminator < 1.29.0 - Unauthenticated Arbitrary File Upload