2 matches found
CVE-2023-4536
creationtimestamp| type| source ---|---|--- 2024-01-23 23:16:23+00:00| seen| https://t.me/ctinow/172381...
CVE-2023-4536
CVE-2023-4536 concerns the WordPress plugin My Account Page Editor (pre-1.3.2). The issue is a missing validation of the uploaded profile picture, enabling any authenticated user (e.g., a subscriber) to upload arbitrary files to the server, which can lead to remote code execution (RCE). The root ...