Описание
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.5 (исключая)Версия до 3.1 (исключая)
Одно из
cpe:2.3:a:geomywp:geo_my_wordpress:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:geomywp:geo_my_wordpress_premium_settings:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 58%
0.00372
Низкий
6.6 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.6
github
около 1 года назад
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
EPSS
Процентиль: 58%
0.00372
Низкий
6.6 Medium
CVSS3
Дефекты
NVD-CWE-noinfo