ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP User Frontend Plugin 2.3.10 - Unrestricted File Upload

Product
WP User Frontend
Description
Because of this vulnerability, anyone can upload files to the web server by performing certain "wpuf_file_upload" or "wpuf_insert_image" actions.
Solution
Upgrade the plugin.
Classification
Type Local File Inclusion
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 2.3.10
Fixed In 2.3.11
Disclosure date
2016-02-08
Credits
Panagiotis Vagenas