CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-5199

Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.5%

CVSS Severity

CVSS v2 Score 6.8

References

http://secunia.com/advisories/60520
http://wordpress.org/plugins/wp-file-upload/changelog
http://secunia.com/advisories/60520
http://wordpress.org/plugins/wp-file-upload/changelog

Products affected by CVE-2014-5199

Wordpress File Upload Project » Wordpress File Upload » Version: Any

cpe:2.3:a:wordpress_file_upload_project:wordpress_file_upload:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-5199

Products

Pricing

Contact Us