CVE-2015-10138 – “Work The Flow File Upload Plugin for WordPress Arbitrary File Upload Vulnerability”

July 19, 2025

CVE ID : CVE-2015-10138

Published : July 19, 2025, 12:15 p.m. | 11 hours, 38 minutes ago

Description : The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2015-10139 – WPLMS WordPress Privilege Escalation

Next Article CVE-2025-7816 – PHPGurukul Apartment Visitors Management System Cross-Site Scripting Vulnerability

Highlights

CVE-2025-5276 – MCP Markdownify Server SSRF

May 29, 2025

CVE ID : CVE-2025-5276

Published : May 29, 2025, 5:15 a.m. | 15 minutes ago

Description : All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests and read the responses to attacker-controlled URLs, potentially leaking sensitive information.

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

DistroWatch Weekly, Issue 1131

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

WhatsApp for Windows 11 is switching back to Chromium web wrapper from UWP/native

DistroWatch Weekly, Issue 1131

CVE-2015-10138 – “Work The Flow File Upload Plugin for WordPress Arbitrary File Upload Vulnerability”

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

How Meta’s new teen accounts aim to keep your kids safer on Facebook

Here are 5 good current Microsoft products that have become stagnant — or worse — abandoned

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

I’ve tried Copilot Vision: It felt creepy, yet somewhat useful — Here’s my take

CVE-2025-5276 – MCP Markdownify Server SSRF

Test Deferred Operations Easily with Laravel’s withoutDefer Helper

CVE-2025-46805 – Screen Privilege Escalation TOCTOU Vulnerability

CVE-2025-6112 – Tenda FH1205 Buffer Overflow Vulnerability

CVE-2015-10138 – “Work The Flow File Upload Plugin for WordPress Arbitrary File Upload Vulnerability”

Related Posts