Description
The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
References (1)
Core 1
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/53816136-4b1a-4b7d-b73b-08a90c2a638f
Scores
CVSS v3
7.2
EPSS
0.2467
EPSS Percentile
96.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
Status
published
Products (1)
miniorange/prevent_files_\/_folders_access
< 2.5.2
Published
Sep 25, 2023
Tracked Since
Feb 18, 2026