WordPress File Upload, CVE-2020-10564

CVE, Research URL: CVE-2020-10564
Home page URL: Security reports for WordPress File Upload
Application: WordPress File Upload
Published on: Mar 14, 2020
Research Description: An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call.
Affected versions: Min -, max 4.13.0.
Status: vulnerable