Vulnerabilities > CVE-2023-2688 - Unspecified vulnerability in Iptanus Wordpress File Upload and Wordpress File Upload PRO

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
iptanus

Summary

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.

Vulnerable Configurations

Part Description Count
Application
Iptanus
132