Vulnerabilities for 'Powerpress'

2021-03-18
 
CVE-2021-24123

CWE-434
 

 
Arbitrary file upload in the PowerPress WordPress plugin: versions before 8.3.8 did not verify some of the uploaded feed images (such as the ones from the Podcast Artwork section), allowing high-privilege accounts (admin+) to upload arbitrary files, such as PHP, leading to RCE.

 

 >>> Vendor: Blubrry 3 Products
Powerpress podcasting
Subscribe sidebar
Powerpress


Copyright 2024, cxsecurity.com

 
