Lucene search

K
cvelistMitreCVELIST:CVE-2019-8943
HistoryFeb 20, 2019 - 3:00 a.m.

CVE-2019-8943

2019-02-2003:00:00
mitre
www.cve.org
1

6.6 Medium

AI Score

Confidence

High

0.956 High

EPSS

Percentile

99.4%

WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and …/ sequences, such as a filename ending with the .jpg?/…/…/file.jpg substring.