Vulnerabilities for 'Responsive vector maps'

2022-02-07
 
CVE-2021-24947

CWE-863
 

 
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as a subscriber, to read arbitrary files on the web server.

 


Copyright 2024, cxsecurity.com

 
