WordPress MailCWP Plugin <= 1.99 - Arbitrary File Upload

Back

Product: MailCWP
Description: This plugin is prone to a arbitrary file upload vulnerability, because the code in mailcwp-upload.php doesn't check that a user is authenticated or what type of file is being uploaded.
Solution: Update the plugin.
Classification: Type Arbitrary File Upload
OWASP Top 10 A1: Injection
References: Packet Storm Security
CVE: Name CVE-N/A
Versions: Affected In <= 1.99
Fixed In 1.110
Disclosure date: 2015-07-10
Credits: Larry W. Cashdollar

ThreatPress