Description
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users.
Published: 2026-06-14
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Iptanus
Iptanus iptanus File Upload
Wordpress
Wordpress wordpress
Vendors & Products Iptanus
Iptanus iptanus File Upload
Wordpress
Wordpress wordpress

Sun, 14 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Sun, 14 Jun 2026 07:30:00 +0000

Type Values Removed Values Added
Description The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users.
Title Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition
References

Subscriptions

Iptanus Iptanus File Upload
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2026-06-14T06:00:03.776Z

Reserved: 2026-01-26T14:42:55.951Z

Link: CVE-2025-15546

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-14T08:16:17.040

Modified: 2026-06-15T20:50:47.973

Link: CVE-2025-15546

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:46:51Z

Weaknesses