WP EasyCart plugin is prone to an unrestricted file upload vulnerability that exists because the /inc/amfphp/administration/banneruploaderscript.php does not properly clean up user-uploaded files. An attacker can do the script with the privileges of the web server by making a direct request to the uploaded file.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
wp easycart | le | 3.0.8 |