216.73.216.133

CVE-2025-15546

· Published 14/06/2026 08:16 · Modified 15/06/2026 20:50

Labels: CVE-2025-15546 2026-06-14CVE-2025-15546[email protected]

Essential information

Published
14/06/2026 08:16
Modified
15/06/2026 20:50
Author
Creator
CISA KEV
No
CWE

Description

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
iptanus / file upload cpe:2.3:a:iptanus:file_upload:*:*:*:*:*:wordpress:*:*

References