CVE-2020-24186

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action...

PT-2020-15645 · Gvectors · Wpdiscuz

Name of the Vulnerable Software and Affected Versions: gVectors wpDiscuz plugin versions 7.0 through 7.0.4 Description: A Remote Code Execution issue exists, allowing unauthenticated users to upload any type of file, including PHP files, via the wmuUploadFiles AJAX action. Recommendations: For...