← Back

Work The Flow File Upload

work_the_flow_file_upload

Vendor: Lynton Reed • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-10138
1Lynton Reed
1Work The Flow File Upload
Dec 16, 2025
Jul 19, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2...Show more
The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.Show less