WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress HTML2WP plugin 1.0.0 and earlier versions contain an arbitrary file upload vulnerability that stems from the fact that authorization and CSRF checks are not performed when importing files, nor are they authenticated, and an un unauthenticated attacker can use this vulnerability to upload arbitrary files (such as PHP) on a remote server.
CPE | Name | Operator | Version |
---|---|---|---|
WordPress HTML2WP plugin | le | 1.0.0 |