Описание
The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.
Ссылки
- Vendor Advisory
- ExploitPatch
- PatchVendor Advisory
- Vendor Advisory
- ExploitPatch
- PatchVendor Advisory
Уязвимые конфигурации
EPSS
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.
The default configuration of WordPress before 3.6.1 does not prevent u ...
The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.
EPSS
3.5 Low
CVSS2