CVE-2014-5014

CVE-2014-5014

EPSS 3.6%

The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wordpress.org/plugins/wordpress-flash-uploader/changelog/https://wordpress.org/support/topic/vulnerability-discovered-2/