ThreatPress

WordPress Vulnerabilities Database

Back

WordPress File Upload Plugin <= 3.4.0 - Unauthenticated File Upload

Product
File Upload
Description
Because of this unauthenticated malicious file upload vulnerability, attackers can upload malicious payloads.
Solution
Upgrade the plugin.
Classification
Type Arbitrary File Upload
OWASP Top 10 A1: Injection
References
WordPress
CVE
Name CVE-N/A
Versions
Affected In <= 3.4.0
Fixed In 3.4.1
Disclosure date
2015-10-29
Submitter
ThreatPress