7 matches found
CVE-2021-24222
The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the formCadastro is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction,...
WordPress Plugin Remote Command Execution Vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A remote command execution vulnerability exists in versio...
CVE-2021-24222
The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the formCadastro is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction,...
CVE-2021-24222
The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the formCadastro is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction,...
CVE-2021-24222
The CVE-2021-24222 entry concerns the WP-Curriculo Vitae Free WordPress plugin (up to v6.3). The vulnerability is an unauthenticated arbitrary file upload via the page containing the [formCadastro] form, where users can submit files for profile pictures and resumes without file extension restrict...
WordPress 插件 代码问题漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A remote command execution vulnerability exists in versio...
WordPress WP-Curriculo Vitae Free plugin <= 6.3 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)
Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by Jin Huang in WordPress WP-Curriculo Vitae Free plugin versions = 6.3. Solution Plugin closed. Deactivate and delete...