Review
Iptanus
CVE published 2026-06-14
CVE-2025-15546
The Iptanus File Upload WordPress plugin before 5.1.7 is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When the duplicate policy setting is configured to 'maintain both,' an authenticated attacker can overwrite files uploaded by other users due to a TOCTOU vulnerability between the file existence check and the actual file write operation.