RSS   Vulnerabilities for 'Access demo importer'   RSS

2021-10-11
 
CVE-2021-39317

CWE-434
 

 
Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the ~/inc/demo-functions.php.

 

 >>> Vendor: Accesspressthemes 9 Products
Ultimate-form-builder-lite
Anonymous post pro
Wp floating menu
Accesspress social icons
Access demo importer
Wp cookie user info
Form store to db
Ap custom testimonial
Ap mega menu


Copyright 2022, cxsecurity.com

 

Back to Top