Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.
https://exchange.xforce.ibmcloud.com/vulnerabilities/42561
http://www.securityfocus.com/bid/29276
http://www.securityfocus.com/archive/1/492230/100/0/threaded
http://securityreason.com/securityalert/3897
Source: Mitre, NVD
Published: 2008-05-21
Updated: 2026-06-16
Base Score: 9
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
Severity: High
Base Score: 7.2
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.0171