What are the security reasons to disallow Microsoft Word uploads?

.doc files can contain executable scripts, and there is no way to make sure they are safe. The same applies to SVG and some other file types.

If WordPress would accept .doc files from any user with the capability upload_files, these files could be used to send malicious code to visitors.

Related Posts:

  1. simple solution for restricting access to (some) uploads/downloads
  2. Protecting direct access to PDF and ZIP unless user logged in (without plugin)
  3. What permissions does wp-content/uploads need?
  4. can not upload file .vtt on wordpress 5.0.1
  5. Password protect some uploaded files, so only logged-in users can view them
  6. How to protect uploads in multisite if user is not logged in?
  7. File Upload Permissions
  8. Extend the list of MIME-types supported by the builtin uploader in 3.3
  9. How to safely allow user upload on CPTs?
  10. making media URL secured
  11. Is it safe to allow non-admin users access to media uploader
  12. Is it safe to upload JSON files to upload folder?
  13. Setting up a HIPAA secured form / file upload
  14. Where to store sensitive uploaded file?
  15. WP upload/select image , isn’t this a security issue?
  16. What is the best way to upload a temporary & sensitive file and then delete it when done
  17. Basic File/Post restriction plugin
  18. Auto shortlink for file uploads
  19. How to parse an image that was just uploaded to make sure it doesn’t contain malicious code?
  20. How to Protect Uploads, if User is not Logged In?
  21. Plupload Intergration in a meta-box?
  22. Trigger refresh for new media manager in 3.5
  23. Physical organization of wordpress media library (Real Media Library plugin)
  24. Can I upload media to a specific folder?
  25. wp_upload_dir how to get just the directory name .
  26. How to generate thumbnails when needed only?
  27. Limit image upload to one and disable audio, video and other document file types to upload
  28. How to add new tab to media upload manager with custom set of images?
  29. No Thumbnails Generated
  30. Media files exist in upload folder but not showing up
  31. How to Require a Minimum Image Dimension for Uploading?
  32. How to upload files straight to S3 without using local storage? [closed]
  33. Extend Media Library
  34. How does WP media uploader create the 3 different sized images, and how can I duplicate it
  35. How to make “Upload files”selected by default in Insert Media?
  36. WordPress 3.5: Setting custom “full URL path to files” in the Media Library?
  37. Get $image_id after uploading with media_sideload_image()
  38. what happens to existing media files when I switch to year/month directory structure format?
  39. Reject upload of wrong-sized images using the Media Uploader
  40. WordPress Media Uploader events
  41. How to show all available images in WP’s media library when using the Polylang plugin?
  42. how to upload and allow downloads of .mobi and .epub formats
  43. Upload post thumbnail from the front end
  44. Allowing WebP uploads?
  45. Give users a maximum upload capacity; limit the number of files a user can upload OR limit the number of files per upload
  46. How to add a custom field to the media screen (image/gallery)?
  47. Can’t upload media, permissions are correct
  48. How to assign multiple file-mime-types to extension?
  49. Saving Media – Which Hook is Fired?
  50. Set limit to media upload?
  51. Is it possible to reorganize the WordPress uploads directory?
  52. Handling front-end file uploads, considering safety and ease of use
  53. WordPress 3.5: Switch back to Old Media Uploader?
  54. Save camera info as metadata on image upload?
  55. Media upload finished hook
  56. Users can’t upload images on frontend if they haven’t got access to the wp backend
  57. How to upload SVG in WordPress 4.9.8?
  58. How Can I Organize the Uploads Folder by Slug (or ID, or FileType, or Author)?
  59. How can I batch delete all unattached images with WP-CLI or other automated process?
  60. Can upload doc and pdf but not ppt – not permitted for security reasons
  61. Create image formats with different qualities when uploading
  62. Rename files during upload using variables
  63. upload_async.php returns 500 error
  64. Which filters or actions to use after a media upload and delete?
  65. Organize uploads by year, month and day
  66. wp_delete_attachment doesn’t delete images in wp-content/uploads/
  67. Display attachments by ID in a wp.media frame
  68. Force WordPress 3.3 to use Flash uploader
  69. Use a separate custom table (not posts) to handle file upload data
  70. Upload folder is not writable, even when permissions are correct
  71. Different upload directory based on post type in a theme
  72. Media not actually deleted on disk when click “Permanent Delete”
  73. Image upload callback in new 3.5 media
  74. retrieve custom image sizes from media uploader javascript object
  75. Add inline uploader to plugin option page
  76. How to wp_upload_bits() to a sub-folder?
  77. Using same directory for storing all uploaded images on a WordPress network
  78. Insert images to post not working
  79. Is it possible to allow zip files to be uploaded in WordPress?
  80. How to restrict images in v3.5 Media Library modal to only those from a specific post id?
  81. Allow CSV files to be uploaded
  82. Contact Form 7 – process form using a PHP script, instead of mailing [closed]
  83. Get an uploaded attachments local server path?
  84. How to add more upload directories?
  85. Change WordPress upload path and URL
  86. Could a large quantity of files in the uploads folder affect performance?
  87. PNG with transparent background turns black when uploaded and resized
  88. “Add Media” only shows “Full Size” under Attachment Display Settings
  89. Differentiate Featured Image from Post Images upon Upload
  90. WP 3.3 > Still no option to enable automatic image overwrites?
  91. Where do the favicons for Media Files come from
  92. How are the year and month folders added to the uploads directory?
  93. Where does wordpress store the FTP credentials?
  94. WP 3.5 media manager – how to create a working gallery frame
  95. Custom upload directory per CPT; when removed, file not deleted
  96. What might cause a POST to wp-admin/async-upload.php to return JSON >and< HTML?
  97. How to manage a standalone media folder?
  98. Send attachments via wp_mail from temporary folder
  99. Modify featured image path to Amazon S3
  100. wp_generate_attachment_metadata returns empty array

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)