2 matches found
CVE-2024-2125
The EnvíaloSimple: Email Marketing y Newsletters for WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) up to version 2.3 due to missing nonce validation in gallery_add, allowing unauthenticated attackers to upload arbitrary files if a site admin is tricked into performing an act...
WordPress EnvíaloSimple Plugin <= 2.3 is vulnerable to Arbitrary File Upload
Software EnvíaloSimple Type Plugin Vulnerable versions = 2.3 Fixed in 2.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-2125 Patch priority High CVSS severity High 9.6 Developer Claim ownership PSID 3f5859f4f7d7 Credits Francesco Carlucci Required privilege...