CVE-2025-15546

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

14/06/2026

Last modified:

14/06/2026

Description

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users.

Impact

References to Advisories, Solutions, and Tools

https://wpscan.com/vulnerability/06e33418-1644-49a1-b012-122046604109/