2 matches found
CVE-2021-24376
The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files such as .php form the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP...
CVE-2021-24376
The CVE-2021-24376 entry concerns the Autoptimize WordPress plugin prior to 2.7.8. The issue is a race-condition vulnerability where, after extracting an uploaded archive via Import Settings, the plugin attempts to delete malicious files (e.g., PHP) but does not fully inspect the extracted folder...