CVE-2011-10041
Uploadify <= 1.0 Unauthenticated Arbitrary File Upload
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in process_upload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution by uploading executable content to a web-accessible location.
| CWE | CWE-434 |
| Vendor | steven |
| Product | uploadify |
| Published | Jan 15, 2026 |
| Last Updated | May 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for steven uploadify
Be the first to know when new unknown vulnerabilities affecting steven uploadify are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Steven / Uploadify
0 ≤ 1.0
References
packetstorm.news: https://packetstorm.news/files/id/98652 wpscan.com: https://wpscan.com/vulnerability/6946364c-9764-468e-87d5-2dd57e531985/ wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/uploadify/uploadify-10-arbitrary-file-upload acunetix.com: https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-uploadify-remote-file-upload-1-0/ vulncheck.com: https://www.vulncheck.com/advisories/uploadify-unauthenticated-arbitrary-file-upload
Credits
b0telh0 from GotGeek Labs