CVE-2014-5199

WordPress File Upload < 2.4.1 - Cross-Site Request Forgery via Plugin Settings Change

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
http://wordpress.org/plugins/wp-file-upload/changelog
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60520

Scores

EPSS 0.0097
EPSS Percentile 57.7%

Details

CWE
CWE-352
Status published
Products (1)
wordpress_file_upload_project/wordpress_file_upload < 2.4.1
Published Aug 12, 2014
Tracked Since Feb 18, 2026