5 matches found
CVE-2021-24947
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server...
CVE-2021-24947 RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server...
WordPress Plugin RVM Code Issue Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. A WordPress plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability exists in WordPress RVM, which originates from the rvmuploadfilepath parameter in the produ...
RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read
The plugin does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server. PoC: As a subscriber, open...
WordPress RVM – Responsive Vector Maps plugin <= 6.4.1 - Arbitrary File Read vulnerability
Arbitrary File Read vulnerability discovered by Krzysztof Zając in WordPress RVM – Responsive Vector Maps plugin versions <= 6.4.1. Solution: Update the WordPress RVM – Responsive Vector Maps plugin to the latest available version, at least 6.4.2...