RSS   Vulnerabilities for 'Access demo importer'   RSS

2021-10-11
 
CVE-2021-39317

CWE-434
 

 
Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the plugin_offline_installer AJAX action due to a missing capability check in the plugin_offline_installer_callback function found in the ~/inc/demo-functions.php.

 

 >>> Vendor: Accesspressthemes 5 Products
Ultimate-form-builder-lite
Anonymous post pro
Wp floating menu
Accesspress social icons
Access demo importer


Copyright 2021, cxsecurity.com

 

Back to Top