CVE-2015-10138 – “Work The Flow File Upload Plugin for WordPress Arbitrary File Upload Vulnerability”

July 19, 2025

CVE ID : CVE-2015-10138

Published : July 19, 2025, 12:15 p.m. | 11 hours, 38 minutes ago

Description : The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2015-10139 – WPLMS WordPress Privilege Escalation

Next Article CVE-2025-7816 – PHPGurukul Apartment Visitors Management System Cross-Site Scripting Vulnerability

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences

From Zero to MCP: Simplifying AI Integrations with xmcp

Distribution Release: Linux Mint 22.2

Coded Smorgasbord: Basically, a Smorgasbord

Drupal 11’s AI Features: What They Actually Mean for Your Team

Drupal 11’s AI Features: What They Actually Mean for Your Team

Why Data Governance Matters More Than Ever in 2025?

Perficient Included in the IDC Market Glance for Digital Business Professional Services, 3Q25

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

CVE-2015-10138 – “Work The Flow File Upload Plugin for WordPress Arbitrary File Upload Vulnerability”

Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers

Google Slapped with $381 Million Fine in France Over Gmail Ads, Cookie Consent Missteps

CVE-2025-27578 – Pixmeo OsiriX MD Denial-of-Service Use-After-Free Vulnerability

Sony WH-1000XM6 vs WH-1000XM5: Should you upgrade to the newest headphones?

Austrian deeptech Hololight secures €10M for XR pixel-streaming tech

Microsoft patents a foldable phone with a Surface Kickstand. It looks like a portable Windows 11 phone

Forget AirTag: This Bluetooth tracker is my top pick for both iPhone and Android users

CVE-2025-27128 – OpenHarmony TCB Use After Free Arbitrary Code Execution

CVE-2024-11857 – Realtek Bluetooth HCI Adaptor Link Following Privilege Escalation

Fn Lock Key: How to Lock & Unlock Fn Key in Windows 10 & 11

CVE-2015-10138 – “Work The Flow File Upload Plugin for WordPress Arbitrary File Upload Vulnerability”

Related Posts