10 matches found
CVE-2023-0924
The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...
CVE-2023-0924
The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...
CVE-2023-0924
The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...
CVE-2023-0924 Zyrex Popup <= 1.0 - Admin+ Arbitrary File Upload
The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...
CVE-2023-0924 Zyrex Popup <= 1.0 - Admin+ Arbitrary File Upload
The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...
CVE-2023-0924
CVE-2023-0924 concerns the Zyrex Popup WordPress plugin (versions
PT-2023-16620 · WordPress · Zyrex Popup
Name of the Vulnerable Software and Affected Versions: ZYREX POPUP WordPress plugin versions 1.0 and earlier Description: The issue allows a high privileged user, such as an Administrator, to upload arbitrary files when creating a popup, even when modifying the file system is disallowed, such as ...
WordPress plugin ZYREX POPUP 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...
WordPress Zyrex Popup Plugin <= 1.0 is vulnerable to Arbitrary File Upload
Software Zyrex Popup Type Plugin Vulnerable versions = 1.0 Fixed in 1.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-0924 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 902b3bcce78c Credits Yogesh Verma Required privilege Administrator...
Zyrex Popup < 1.1 - Admin+ Arbitrary File Upload
The plugin does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install. Create a new popup by filling in anything in the...