4 matches found
CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the...
CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the...
uDraw < 3.3.3 - Unauthenticated Arbitrary File Access
The plugin does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the response. As a result, unauthenticated users could re...
WordPress Web To Print Shop : uDraw plugin <= 3.3.32 - Unauthenticated Arbitrary File Access vulnerability
Unauthenticated Arbitrary File Access vulnerability discovered by cydave in WordPress Web To Print Shop : uDraw plugin versions = 3.3.32. Solution Update the WordPress Web To Print Shop : uDraw plugin to the latest available version at least 3.3.33...