CVE-2021-24493

The shoppuploadfile AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to upload arbitrary files and leading t...

CVE-2021-24493

The shoppuploadfile AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to upload arbitrary files and leading t...

WordPress 插件代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in the WordPress plugin Shopp, which stems from the shoppuploadfil...

WordPress Shopp Plugin - Multiple Security Vulnerabilities

WordPress Shopp plugin is prone to multiple security vulnerabilities that allow an attacker to disclose or steal information, execute arbitrary client side script code in the context of browser or launch other attacks. Also, these vulnerabilities allow to upload and execute arbitrary files in the...

WordPress Plugin Shopp - Multiple Vulnerabilities

WordPress Plugin Shopp - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/55817/info The Shopp plugin for WordPress is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attackers can exploit these issues to disclose sensitiv...