RSS   Vulnerabilities for 'Wp-curriculo vitae free'   RSS

2021-04-12
 
CVE-2021-24222

CWE-434
 

 
The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE.

 


Copyright 2024, cxsecurity.com

 

Back to Top