2 matches found
CVE-2023-4311
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode...
Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure
Description The plugin exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode. 1. Create a page 2. Place the shortcode vrm360 canvasname=s1 modelurl=SACharacter.zip aspectratio=1.8 initialoffset=0.9 on the page SACharacter.zip should be a non-existent...