QwikSec

Security Database

CVE

CWE

Training

CVE-2011-10041

Published: Jan 15, 2026

Modified: May 14, 2026

PUBLISHED

Description

Uploadify WordPress plugin versions up to and including 1.0 contain an arbitrary file upload vulnerability in process_upload.php due to missing file type validation. An unauthenticated remote attacker can upload arbitrary files to the affected WordPress site, which may allow remote code execution by uploading executable content to a web-accessible location.

Vendor	Product	Versions
Steven	Uploadify	affected `0 - <= 1.0`

Weaknesses (CWE)

References

https://packetstorm.news/files/id/98652

exploit

https://wpscan.com/vulnerability/6946364c-9764-468e-87d5-2dd57e531985/

third-party-advisory

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/uploadify/uploadify-10-arbitrary-file-upload

third-party-advisory

https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-uploadify-remote-file-upload-1-0/

third-party-advisory

https://www.vulncheck.com/advisories/uploadify-unauthenticated-arbitrary-file-upload

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.