CVE-2014-5199
WordPress File Upload < 2.4.1 - Cross-Site Request Forgery via Plugin Settings Change
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
http://wordpress.org/plugins/wp-file-upload/changelog
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60520
Scores
EPSS
0.0097
EPSS Percentile
57.7%
Details
CWE
CWE-352
Status
published
Products (1)
wordpress_file_upload_project/wordpress_file_upload
< 2.4.1
Published
Aug 12, 2014
Tracked Since
Feb 18, 2026