CVE-2025-15546
N/A
N/A
Summary
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Iptanus File Upload | 0 < 5.1.7 | affected |
Weaknesses
- CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.