Design/Logic Flaw

2018-04-2517:29:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

62.3%

JSON

The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.

CPENameOperatorVersion
wordpress_flash_uploaderlt3.1.3

CPE	Name	Operator	Version
	wordpress_flash_uploader	lt	3.1.3

References

wordpress.org/plugins/wordpress-flash-uploader/changelog/

wordpress.org/support/topic/vulnerability-discovered-2/