The Duplicator WordPress plugin before 1.5.7.1 and the Duplicator Pro WordPress plugin before 4.5.14.2 do not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data.

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.

A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 addresses this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219.
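For the Essential Real Estate issue above (PHP files disguised as ZIP archives), the following is an added example of server-side checks to run on an upload before it is written anywhere web-accessible; it is not code from the plugin or its fix. The function name `check_zip_upload`, the helper `make_zip`, the extension list and the sample inputs are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed list of extensions a PHP-enabled web server may execute.
EXECUTABLE_EXTS = (".php", ".phtml", ".phar", ".php5", ".php7")
ZIP_SIGNATURES = (b"PK\x03\x04", b"PK\x05\x06")  # local file header, empty archive


def check_zip_upload(filename: str, data: bytes) -> list[str]:
    """Return reasons to reject an upload claimed to be a ZIP; [] means accept."""
    reasons = []
    name = filename.lower()
    if not name.endswith(".zip"):
        reasons.append("file name does not end in .zip")
    # Catches double extensions such as report.php.zip as well as plain .php.
    if any(ext + "." in name + "." for ext in EXECUTABLE_EXTS):
        reasons.append("executable extension in file name")
    # zipfile.is_zipfile() tolerates data placed before the archive, so a PHP
    # script with a ZIP appended passes it; require the signature at offset 0.
    if not data.startswith(ZIP_SIGNATURES):
        reasons.append("content does not start with a ZIP signature")
    if b"<?php" in data.lower():
        reasons.append("PHP open tag in raw content")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                if member.lower().endswith(EXECUTABLE_EXTS):
                    reasons.append(f"executable archive member: {member}")
    except zipfile.BadZipFile:
        reasons.append("content is not a parseable ZIP archive")
    return reasons


def make_zip(member: str, body: str) -> bytes:
    """Build a small in-memory archive (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(member, body)
    return buf.getvalue()


# Constructed samples: a clean archive, a script renamed to .zip, and a
# script with a valid archive appended to it.
CLEAN = make_zip("listings.csv", "id,price\n1,100\n")
RENAMED = b"<?php /* placeholder */ ?>"
PREFIXED = RENAMED + CLEAN

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("renamed", RENAMED), ("prefixed", PREFIXED)):
        print(label, check_zip_upload("import.zip", blob))
```

The third sample parses as a valid archive, which is why the signature check at offset 0 and the raw content scan are done in addition to opening the file as a ZIP.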