CVE-2025-15546

UNKNOWN 0.0

Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users.

Vendor	unknown
Product	iptanus file upload
Published	Jun 14, 2026

Stay Ahead of the Next One

Get instant alerts for unknown iptanus file upload

Be the first to know when new unknown vulnerabilities affecting unknown iptanus file upload are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Iptanus File Upload

0 < 5.1.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/06e33418-1644-49a1-b012-122046604109/

Credits

Luca Jungnickel WPScan