4 matches found
CVE-2021-24757
The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images...
CVE-2021-24757
The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images...
CVE-2021-24757
CVE-2021-24757 affects the WordPress plugin Stylish Price List (versions prior to 6.9.0). The root cause is missing capability checks in the spl_upload_ser_img AJAX action, making image uploads possible by unauthenticated users. This could lead to arbitrary image upload and potential misuse on af...
CVE-2021-24757 Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images...