CVE-2011-3129
WordPress 3.1-3.1.2 - Arbitrary File Upload via Dangerous Filename Handling
Title source: llmDescription
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47995
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49138
Patch x_refsource_confirm
http://wordpress.org/news/2011/05/wordpress-3-1-3/
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2470
Scores
EPSS
0.0061
EPSS Percentile
70.1%
Details
CWE
CWE-264
Status
published
Products (4)
wordpress/wordpress
3.1
wordpress/wordpress
3.1.1
wordpress/wordpress
3.1.2
wordpress/wordpress
3.2 beta1
Published
Aug 10, 2011
Tracked Since
Feb 18, 2026