WordPress Vulnerabilities
WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
Description
According to WordPress:
"Tim Coen and Slavco discovered that authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability."
Affects WordPress
Fixed in WordPress 3.8.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.7.28
Fixed in WordPress 3.9.26
Fixed in WordPress 3.9.26
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 3.9.26
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.1.25
Fixed in WordPress 3.8.28
Fixed in WordPress 3.7.28
Fixed in WordPress 4.2.22
Fixed in WordPress 3.8.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.7.28
Fixed in WordPress 3.7.28
Fixed in WordPress 3.7.28
Fixed in WordPress 3.7.28
Fixed in WordPress 3.7.28
Fixed in WordPress 3.7.28
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 3.9.26
Fixed in WordPress 3.9.26
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.0.25
Fixed in WordPress 4.0.25
Fixed in WordPress 4.0.25
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.2.22
Fixed in WordPress 4.1.25
Fixed in WordPress 4.0.25
Fixed in WordPress 3.9.26
Fixed in WordPress 3.8.28
Fixed in WordPress 3.7.28
Fixed in WordPress 4.3.18
Fixed in WordPress 4.3.18
Fixed in WordPress 4.2.22
Fixed in WordPress 4.1.25
Fixed in WordPress 4.0.25
Fixed in WordPress 3.9.26
Fixed in WordPress 3.8.28
Fixed in WordPress 3.7.28
Fixed in WordPress 4.4.17
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.4.17
Fixed in WordPress 4.3.18
Fixed in WordPress 4.2.22
Fixed in WordPress 4.1.25
Fixed in WordPress 4.0.25
Fixed in WordPress 3.9.26
Fixed in WordPress 3.8.28
Fixed in WordPress 3.7.28
Fixed in WordPress 4.5.16
Fixed in WordPress 4.5.16
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.5.16
Fixed in WordPress 4.5.16
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.6.13
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.5.16
Fixed in WordPress 4.6.13
Fixed in WordPress 4.7.12
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.5.16
Fixed in WordPress 4.7.12
Fixed in WordPress 4.6.13
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.5.16
Fixed in WordPress 4.6.13
Fixed in WordPress 4.7.12
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.5.16
Fixed in WordPress 4.6.13
Fixed in WordPress 4.7.12
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.5.16
Fixed in WordPress 4.6.13
Fixed in WordPress 4.7.12
Fixed in WordPress 4.7.12
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.5.16
Fixed in WordPress 4.6.13
Fixed in WordPress 4.8.8
Fixed in WordPress 4.8.8
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.5.16
Fixed in WordPress 4.6.13
Fixed in WordPress 4.7.12
Fixed in WordPress 4.8.8
Fixed in WordPress 4.8.8
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.5.16
Fixed in WordPress 4.6.13
Fixed in WordPress 4.7.12
Fixed in WordPress 4.9.9
Fixed in WordPress 4.9.9
Fixed in WordPress 4.8.8
Fixed in WordPress 4.7.12
Fixed in WordPress 4.6.13
Fixed in WordPress 4.5.16
Fixed in WordPress 4.4.17
Fixed in WordPress 4.3.18
Fixed in WordPress 4.2.22
Fixed in WordPress 4.1.25
Fixed in WordPress 4.0.25
Fixed in WordPress 3.9.26
Fixed in WordPress 3.8.28
Fixed in WordPress 3.7.28
Fixed in WordPress 4.9.9
Fixed in WordPress 4.8.8
Fixed in WordPress 4.7.12
Fixed in WordPress 4.6.13
Fixed in WordPress 4.5.16
Fixed in WordPress 4.4.17
Fixed in WordPress 4.3.18
Fixed in WordPress 4.2.22
Fixed in WordPress 4.1.25
Fixed in WordPress 4.0.25
Fixed in WordPress 3.9.26
Fixed in WordPress 3.8.28
Fixed in WordPress 3.7.28
Fixed in WordPress 4.9.9
Fixed in WordPress 4.9.9
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.5.16
Fixed in WordPress 4.6.13
Fixed in WordPress 4.7.12
Fixed in WordPress 4.8.8
Fixed in WordPress 4.9.9
Fixed in WordPress 4.9.9
Fixed in WordPress 3.7.28
Fixed in WordPress 3.8.28
Fixed in WordPress 3.9.26
Fixed in WordPress 4.0.25
Fixed in WordPress 4.1.25
Fixed in WordPress 4.2.22
Fixed in WordPress 4.3.18
Fixed in WordPress 4.4.17
Fixed in WordPress 4.5.16
Fixed in WordPress 4.6.13
Fixed in WordPress 4.7.12
Fixed in WordPress 4.8.8
Fixed in WordPress 4.9.9
Fixed in WordPress 4.9.9
Fixed in WordPress 5.0.1
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Tim Coen and Slavco
Submitter
Ryan Dewhurst
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2018-12-13 (about 5 years ago)
Added
2018-12-13 (about 5 years ago)
Last Updated
2020-09-22 (about 3 years ago)