CVE-2018-12426

2018-07-02T17:29:00
ID CVE-2018-12426
Type cve
Reporter cve@mitre.org
Modified 2019-08-23T18:15:00

Description

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.