3 matches found
CVE-2024-7620 Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import
The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to...
CVE-2024-7620
The CVE-2024-7620 entry concerns the WordPress plugin Customizer Export/Import (
CVE-2024-7620 Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import
The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to...