Authenticated File Upload in Ajax load more <= 2.8.1.1
Description
An authenticated person can write arbitrary PHP code to the website by doing a POST query to http://<WP-path>/wp-admin/admin-ajax.php. He can then execute the evil PHP code.
Default
configuration
Profiles
High
Medium
Low
Internet
Action
Block
Block
Block
Block
Alarm Level
Major
Minor
Minor
Major
References
URL:
https://wpvulndb.com/vulnerabilities/8209
Available since
ASQ v5.0.0
Protects
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
100 last CVE
Risk level
High
