ThreatPress

WordPress Vulnerability Database

Back

WordPress WP E-Signature premium plugin <= 1.5.6.5 - Unauthenticated Remote Code Execution (RCE) vulnerability

Product
WP E-Signature
Description
Unauthenticated Remote Code Execution (RCE) vulnerability found by John Castro in WordPress WP E-Signature premium plugin (versions <= 1.5.6.5).
Solution
Update the WordPress WP E-Signature premium plugin to the latest available version (at least 1.5.6.8).
Classification
Type Unknown
OWASP Top 10 A1: Injection
References
Plugin changelog
Vulnerability details
CVE
Name CVE-N/A
Versions
Affected In <= 1.5.6.5
Fixed In 1.5.6.8
Disclosure date
2021-01-13
Credits
John Castro