{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-20T20:15:26.788","vulnerabilities":[{"cve":{"id":"CVE-2011-10041","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-01-15T22:16:08.927","lastModified":"2026-06-16T23:28:31.433","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"disclosure@vulncheck.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in process_upload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution by uploading executable content to a web-accessible location."},{"lang":"es","value":"Las versiones del plugin de WordPress Uploadify hasta la 1.0 inclusive contienen una vulnerabilidad de carga arbitraria de archivos en process_upload.php debido a la falta de validación del tipo de archivo. Un atacante remoto no autenticado puede cargar archivos arbitrarios al sitio de WordPress afectado, lo que puede permitir la ejecución remota de código al cargar contenido ejecutable a una ubicación accesible por la web."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Steven","product":"Uploadify","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-20T15:56:15.810926Z","id":"CVE-2011-10041","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://packetstorm.news/files/id/98652","source":"disclosure@vulncheck.com"},{"url":"https://wpscan.com/vulnerability/6946364c-9764-468e-87d5-2dd57e531985/","source":"disclosure@vulncheck.com"},{"url":"https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-uploadify-remote-file-upload-1-0/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/uploadify-unauthenticated-arbitrary-file-upload","source":"disclosure@vulncheck.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/uploadify/uploadify-10-arbitrary-file-upload","source":"disclosure@vulncheck.com"},{"url":"https://packetstorm.news/files/id/98652","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}