The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.

Code4rena


Top auditors compete to keep high severity bugs out of production. Start a public or private audit within 48 hours.

Listed: