2 matches found
CVE-2021-24770
The CVE-2021-24770 item relates to the WordPress plugin Stylish Price List (versions before 6.9.1). Affected component: spl_upload_ser_img AJAX action. Root cause: lack of capability checks for authenticated users, enabling any authenticated user (e.g., subscribers) to upload arbitrary images. Im...
CVE-2021-24770 Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload
The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spluploadserimg AJAX action available to authenticated users, which could allow any authenticated users, such as subscriber, to upload arbitrary images...