3 matches found
WordPress is vulnerable to Arbitrary File Upload
Software WordPress Type WordPress Core Vulnerable versions 6.4.3 Fixed in 6.4.3 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2018-14028 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID 87a72ffd6c73 Credits Vinicius Marangoni Required privilege...
WordPress <= 4.9.8 Multiple Vulnerabilities - Linux
WordPress is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2018-14028
CVE-2018-14028 affects WordPress 4.9.7. The vulnerability arises because plugin uploads via the admin area are not verified as ZIP files, enabling an attacker with plugin-upload capabilities to upload a PHP file. Although the plugin extraction may fail, the PHP file can remain in a predictable wp...