2 matches found
CVE-2021-24490
The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...
CVE-2021-24490
The CVE-2021-24490 entry concerns the WordPress plugin Email Artillery (MASS EMAIL) up to version 4.1, where the Import Emails feature allows arbitrary file uploads due to improper validation and also lacks CSRF protection. The root cause is failure to properly check uploaded files and the absenc...