3 matches found
CVE-2022-1540
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE...
CVE-2022-1540 PostmagThemes Demo <= 1.0.7 - Admin+ Arbitrary File Upload
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE...
CVE-2022-1540
The CVE-2022-1540 issue affects the WordPress plugin PostmagThemes Demo Import, version 1.0.7 and earlier. The root cause is that the plugin does not validate the uploaded import file, enabling high-privilege users (e.g., admins) to upload arbitrary files (such as PHP), which can lead to remote c...