ThreatPress

WordPress Vulnerabilities Database

WordPress File Upload Plugin <= 3.8.5 - Insufficient File Extension Blacklisting

Product
File Upload
Description
The plugin's file extension blacklist is incomplete, so its upload protection can be bypassed by using extensions that the blacklist does not cover: .shtml, .jsp, .cer, etc.
Solution
Upgrade this plugin.
Classification
Type: Arbitrary File Upload
OWASP Top 10: A1: Injection
References
Bini Tech
CVE
Name: CVE-N/A
Versions
Affected In: <= 3.8.5
Fixed In: 3.9.0
Disclosure date
2016-06-23
Submitter
ThreatPress