2 matches found
CVE-2015-1000000
CVE-2015-1000000 affects the MailCWP WordPress plugin (around v1.99/v1.100) via an unauthenticated arbitrary file upload vulnerability. The root cause is improper access control in the upload logic (mailcwp-upload.php), allowing any user to upload a file without authentication or type checks, pot...
CVE-2016-1000156
CVE-2016-1000156 describes a remote file upload vulnerability in the MailCWP WordPress plugin. The vulnerability stems from incomplete/insufficient hardening of the file upload path, enabling an attacker to upload arbitrary files (potentially a web shell) to the WordPress site. Public references ...