RSS   Vulnerabilities for 'Conditional marketing mailer'   RSS

2021-05-14
 
CVE-2021-24190

CWE-285
 

 
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

 

 >>> Vendor: Wp-buy 3 Products
Visitor traffic real time statistics
Conditional marketing mailer
Seo redirection-301 redirect manager


Copyright 2022, cxsecurity.com

 

Back to Top