CVE-2023-2688

MEDIUM Year: 2023
CVSS v3 Score
4.9
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.

Related Vulnerabilities

CVE-2016-3424

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

NVD-CWE-Other2016

CVE-2016-3459

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via ...

NVD-CWE-Other2016

CVE-2016-3495

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

NVD-CWE-Other2016

CVE-2016-3520

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via ve...

NVD-CWE-Other2016

CVE-2016-5436

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

NVD-CWE-Other2016

CVE-2016-5437

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.

NVD-CWE-Other2016