Work The Flow File Upload

Vulnerabilities 9Slug work-the-flow-file-uploadLatest version 3.1.4Plugin page →

Minimum safe version

2.5.3

Update to 2.5.3 or later to address 8 fixable vulnerabilities

Latest available3.1.4 ✓Affected up to1.2.1 ⚠

Critical 9.8 Closed

2025-07-19< 2.5.3

CVE-2015-10138

N/A Closed

< 2.4

Work The Flow File Upload < 2.4 - wp-admin/admin-ajax.php accept_file_types Parameter Manipulation File Upload Restriction Bypass

N/A Closed

< 2.3.2

Work-The-Flow 1.2.1 - Shell Upload

N/A Closed

< 2.5.3

Work The Flow File Upload <= 2.5.2 - Shell Upload

N/A Closed

2014-10-12< 2.3.2

Work The Flow <= 2.3.1 - Arbitrary File Upload

N/A Closed

2015-03-14< 2.5.3

Work The Flow File Upload <= 2.5.2 - Arbitrary File Upload

N/A Closed

2015-04-21< 2.5.3

WordPress Work The Flow Plugin - Upload Vulnerability

N/A Closed

2015-04-05< 2.5.3

WordPress Work The Flow File Upload 2.5.2 - Arbitrary File Upload

N/A Closed

2014-04-24≤ 1.2.1

WordPress Work The Flow Plugin 1.2.1 - Arbitrary File Upload