WordPress File Upload Plugin 2.7.6: Code Execution, CSRF, XSS, Information Disclosure

  • Vulnerability: Code Execution, CSRF, XSS, Information Disclosure
  • Affected Software: WordPress File Upload (WordPress Plugin)
  • Affected Version: 2.7.6 (probably also prior versions)
  • Patched Version: 3.0.0
  • Risk: High
  • Vendor Contacted: 2015-06-30
  • Vendor Fix: 2015-07-02
  • Public Disclosure: 2015-07-02
Continue