CVE-2013-1916

CVE-2013-1916

Vendor N/A
Product WordPress Plugin User Photo
Weakness CWE-434 · Unrestricted file upload
Published June 24, 2022
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.

Key dates

02Disclosure timeline

June 24, 2022 CVE published
August 6, 2024 Record updated