25 matches found
Default credentials
The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via esmediaimages to wp-admin/admin-ajax.php...
CVE-2016-10959
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload exploitable with CSRF via esmediaimages to wp-admin/admin-ajax.php...
CVE-2016-10958
The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via esmediaimages to wp-admin/admin-ajax.php...
WordPress Estatik Plugin <= 2.2.5 - Arbitrary File Upload Vulnerability
A file uploaded vulnerability is in WordPress Estatik Plugin in v2.2.5. The issue is in the function espropmediaimages, it allows to upload a file for anyone. Solution Update the plugin...
WordPress Estatik Plugin <= 2.2.5 - Arbitrary File Upload
Because of this vulnerability, an attacker can upload the arbitrary file and put it in the current month’s directory inside of the /wp-content/uploads/ directory. Solution Update the plugin...