ID WPVDB-ID:814D5F2D-399A-4738-A48B-009C4F8043EE Type wpvulndb Reporter wpvulndb Modified 2020-12-18T06:01:06
Description
Unauthenticated users could install/activate/deactivate arbitrary plugins, including install one from a remote source under their control (by having $_REQUEST['ccDestin'] set to external and $_REQUEST['ccFileUrl'] to the remote ZIP file)
{"id": "WPVDB-ID:814D5F2D-399A-4738-A48B-009C4F8043EE", "type": "wpvulndb", "bulletinFamily": "software", "title": "ListingPro < 2.6.1 - Unauthenticated Arbitrary Plugin Installation/Activation/Deactivation", "description": "Unauthenticated users could install/activate/deactivate arbitrary plugins, including install one from a remote source under their control (by having $_REQUEST['ccDestin'] set to external and $_REQUEST['ccFileUrl'] to the remote ZIP file)\n", "published": "2020-12-17T00:00:00", "modified": "2020-12-18T06:01:06", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://wpscan.com/vulnerability/814d5f2d-399a-4738-a48b-009c4f8043ee", "reporter": "wpvulndb", "references": ["https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/"], "cvelist": [], "lastseen": "2021-02-16T04:40:46", "viewCount": 0, "enchantments": {"dependencies": {"references": [], "modified": "2021-02-16T04:40:46", "rev": 2}, "score": {"value": 4.0, "vector": "NONE", "modified": "2021-02-16T04:40:46", "rev": 2}, "vulnersScore": 4.0}, "affectedSoftware": [{"version": "2.6.1", "operator": "lt", "name": "listingpro"}], "exploit": "", "sourceData": "", "generation": 1, "immutableFields": []}
