Description

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

Remediation

References

CVE-2008-2392

Related Vulnerabilities

WordPress Plugin Persian Woocommerce SMS Cross-Site Scripting (3.3.2)

WordPress Plugin Facebook Photo Fetcher Unspecified Vulnerability (2.1.17)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32768)

WordPress Plugin Mobiloud-Native Mobile Apps for your WordPress site (iPhone, iPad, Android) Multiple Cross-Site Scripting Vulnerabilities (2.3.7)

Perl Improper Certificate Validation Vulnerability (CVE-2023-31486)

Severity

Critical

Classification

CVE-2008-2392 CWE-20

Tags

Missing Update Known Vulnerabilities