2 matches found
CVE-2021-24820
The Cost Calculator WordPress plugin through 1.6 allows authenticated users Contributor+ in versions 1.5, and Admin+ in versions = 1.6 to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout...
CVE-2021-24820
The CVE refers to WordPress Cost Calculator plugin (versions ≤ 1.6) that, due to insufficient filtering in the Layout parameter, allowed authenticated users (Contributor+