2 matches found
CVE-2020-36706
The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary fil...
CVE-2020-36706
CVE-2020-36706 affects the Simple:Press WordPress Forum Plugin. The issue is missing file type validation in the sf-uploader.php uploader (~/admin/resources/jscript/ajaxupload/sf-uploader.php), allowing arbitrary file uploads in versions up to 6.6.0 and potentially enabling remote code execution ...