Insufficient File Upload Restrictions in wp-file-upload Plugin for WordPress
CVE-2015-9338

7.5HIGH

Key Information:

Vendor: Wordpress
Status: WordPress File Upload
Vendor: CVE Published:; 22 August 2019

What is CVE-2015-9338?

The wp-file-upload plugin for WordPress is susceptible to vulnerabilities due to inadequate restrictions on file uploads, particularly allowing the upload of .php files. This oversight can allow malicious users to exploit the system by uploading potentially harmful scripts that could be executed on the server, leading to unauthorized access or system compromise.

References

https://wordpress.org/plugins/wp-file-upload/#developers

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2019
Vulnerability Reserved
Aug 22, 2019

CVE-2015-9338 Data

JSON

Wordpress

What is CVE-2015-9338?

References

CVSS V3.1

Timeline