ThreatPress

WordPress Vulnerabilities Database

Back

WordPress AccessAlly plugin <= 3.3.1 - Arbitrary PHP Execution vulnerability

Product
AccessAlly
Description
Arbitrary PHP Execution vulnerability found by Brad Patton in WordPress AccessAlly plugin (versions <= 3.3.1).
Solution
Update the WordPress AccessAlly plugin to the latest available version (at least 3.3.2).
Classification
Type PHP Object Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 3.3.1
Fixed In 3.3.2
Disclosure date
2020-01-21
Credits
Brad Patton
Submitter
ThreatPress