3 matches found
CVE-2021-3120
An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must ...
CVE-2021-3120
creationtimestamp| type| source ---|---|--- 2021-02-22 18:33:33+00:00| seen| https://t.me/cibsecurity/23932...
CVE-2021-3120
CVE-2021-3120 affects the WordPress plugin YITH WooCommerce Gift Cards Premium (versions prior to 3.3.1). The vulnerability is an arbitrary file upload leading to RCE , triggered when a valid Gift Card product is added to the cart and the parameter ywgc-upload-picture accepts a PHP file, storing ...