The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users.
History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Iptanus
Iptanus iptanus File Upload
Wordpress
Wordpress wordpress
Vendors & Products Iptanus
Iptanus iptanus File Upload
Wordpress
Wordpress wordpress

Sun, 14 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Sun, 14 Jun 2026 07:30:00 +0000

Type Values Removed Values Added
Description The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users.
Title Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition
References

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2026-06-14T06:00:03.776Z

Updated: 2026-06-14T06:00:03.776Z

Reserved: 2026-01-26T14:42:55.951Z

Link: CVE-2025-15546

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-14T08:16:17.040

Modified: 2026-06-15T20:50:47.973

Link: CVE-2025-15546

cve-icon Redhat

No data.