Browse all 3 CVE security advisories affecting WP Upload Restriction. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WP Upload Restriction is a WordPress plugin designed to control file upload capabilities and restrict access to upload functionality. Historically, it has been susceptible to multiple critical vulnerabilities including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation, primarily stemming from insufficient input validation and improper access controls. The plugin's security issues have allowed attackers to upload malicious files, execute arbitrary code, and bypass security restrictions. With three CVEs documented, these vulnerabilities have enabled unauthorized access and potential system compromise, highlighting the risks of inadequate file handling and permission management in WordPress environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-34625 | WP Upload Restriction <= 2.2.3 - Authenticated Stored Cross-Site Scripting — WP Upload RestrictionCWE-79 | 6.4 | Medium | 2021-07-07 |
| CVE-2021-34627 | WP Upload Restriction <= 2.2.3 - Missing Access Control in getSelectedMimeTypesByRole function — WP Upload RestrictionCWE-284 | 4.3 | Medium | 2021-07-07 |
| CVE-2021-34626 | WP Upload Restriction <= 2.2.3 - Missing Access Control in deleteCustomType function — WP Upload RestrictionCWE-284 | 4.3 | Medium | 2021-07-07 |
This page lists every published CVE security advisory associated with WP Upload Restriction. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.