WordPress和WordPress plugin 安全漏洞

WordPress is a blogging platform developed using the PHP language. The WordPress plugin flo-launch version 2.4.1 or earlier is vulnerable to an access control error that originates when the plugin injects code into wp-config.php when creating a clone site. prefix cookie to an arbitrary value to...

PT-2022-13251 · WordPress · Flo-Launch

Name of the Vulnerable Software and Affected Versions: flo-launch WordPress plugin versions prior to 2.4.1 Description: The issue allows an attacker to initiate a new site install by setting the flo custom table prefix cookie to an arbitrary value. This is possible because the plugin injects code...