| CVE | Not available |
|---|---|
| CVSS | Medium (4.8) |
| Publicly Published | August 13, 2022 |
| Last Updated | January 22, 2024 |
The Protect uploads plugin for WordPress failed to use a capability check and leaked the nonce necessary to save changes in the protect-uploads-admin-settings-page.php file. This meant that attackers able to successfully load this file in the context of WordPress, such as through a separate local file inclusion vulnerability, could save changes to the plugin settings. Note that while the file did allow direct access, this was not sufficient to obtain sensitive information or make changes on its own.
References| Software Type | Plugin |
|---|---|
| Software Slug | protect-uploads (view on wordpress.org) |
| Patched? | Yes |
| Affected Version |
|
| Patched Version |
|
Copyright 2012-2026 Defiant Inc.
License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.
License Detail.