China National Vulnerability Database: CNVD-2022-88250
Sep 28, 2022 - 12:00 a.m.

WordPress Scripts Organizer Arbitrary File Upload Vulnerability

2022-09-28 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
14
wordpress
plugin
arbitrary file upload
vulnerability
remote execution
validation
admin-ajax.php

EPSS: 0.001
Percentile: 40.8%

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. A WordPress plugin is an add-on application for the platform. WordPress Scripts Organizer versions prior to 3.0 are vulnerable to arbitrary file upload, which stems from a lack of validation of uploaded files in the action parameter of wp-admin/admin-ajax.php. An attacker could exploit the vulnerability to upload malicious files and remotely execute arbitrary code.
