RSS   Podatności dla 'Classyfrieds'   RSS

2021-05-06
 
CVE-2021-24253

CWE-434
 

 
The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE.

 


Copyright 2024, cxsecurity.com

 

Back to Top