ThreatPress

WordPress Vulnerabilities Database

WordPress IgniteUp plugin <=3.4 - Multiple vulnerabilities

Product
IgniteUp
Description
Jerome Bruandet found multiple vulnerabilities in the WordPress IgniteUp plugin (versions <=3.4). Vulnerabilities that could be exploited by unauthenticated users include arbitrary file deletion, HTML injection and CSRF in email messages, stored cross-site scripting (XSS), sensitive information disclosure, arbitrary subscriber deletion, and arbitrary plugin template switch.
Solution
Update the WordPress IgniteUp plugin to the latest available version (at least 3.4.1).
Classification
Type Multi
References
Plugin changelog
CVE
Name CVE-2019-17234, CVE-2019-17235, CVE-2019-17236, CVE-2019-17237
Versions
Affected In <=3.4
Fixed In 3.4.1
Disclosure date
2019-11-11
Credits
Jerome Bruandet (Nintechnet)
Submitter
ThreatPress