WordPress Filr plugin allows attackers to upload malicious files to a web server

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

WordPress Filr plugin allows attackers to upload malicious files to a web server

CVE-2026-28133

Summary

This flaw in the Filr plugin for WordPress allows an attacker to upload a malicious file, such as a web shell, to the website, which can be used to take control of the server. This can lead to unauthorized access and potentially allow the attacker to delete or modify website content. To stay safe, update the Filr plugin to version 1.2.13 or later.

Original title

Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.12.

Original description

Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.12.

Vulnerability type

CWE-434 Unrestricted File Upload

https://patchstack.com/database/Wordpress/Plugin/filr-protection/vulnerability/w...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026