Description

The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.

Remediation

References

CVE-2011-3129

Related Vulnerabilities

WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Cross-Site Scripting (7.1.0)

MySQL CVE-2012-3180 Vulnerability (CVE-2012-3180)

WordPress Plugin Circles Gallery Cross-Site Scripting (1.0.10)

WordPress Plugin WooCommerce Help Scout Arbitrary File Upload (2.9)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-36096)

Severity

Critical

Classification

CVE-2011-3129 CWE-264

Tags

Missing Update Known Vulnerabilities