CVE: CVE-2023-2688 CVSS Score: 4.9 (Medium) Publicly Published: May 23, 2023 Last Updated: June 9, 2023 Researcher: Marco Wotschka - Wordfence Affected Plugins: - Iptanus File Upload: - Software Type: Plugin - Software Slug: wp-file-upload - Patched: Yes - Remediation: Update to version 4.19.2, or a newer patched version - Affected Version: <= 4.19.1 - Patched Version: 4.19.2 - WordPress File Upload Pro: - Software Type: Plugin - Software Slug: wordpress-file-upload-pro - Patched: Yes - Remediation: Update to version 4.19.2, or a newer patched version - Affected Version: <= 4.19.1 - Patched Version: 4.19.2 Description: - Path Traversal vulnerability in WordPress File Upload / WordPress File Upload Pro <= 4.19.1. - Authenticated (Administrator+) users could leverage the vulnerability to access or modify files outside the intended directory. - The issue is resolved in version 4.19.2.