2 matches found
CVE-2019-25138
The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uspcheckimages function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites...
CVE-2019-25138
The CVE-2019-25138 entry concerns the WordPress plugin “User Submitted Posts.” Affected component: usp_check_images, vulnerable through missing file type validation in versions up to and including 20190312. Impact: unauthenticated attackers can upload arbitrary files to the server, with potential...