The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-06-09T05:33:26.513Z

Updated: 2024-08-02T06:33:05.621Z

Reserved: 2023-05-12T20:07:48.332Z

Link: CVE-2023-2688

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-09T06:16:11.217

Modified: 2024-11-21T07:59:05.267

Link: CVE-2023-2688

cve-icon Redhat

No data.