ThreatPress

WordPress Vulnerabilities Database

Back

WordPress MailCWP Plugin <= 1.99 - Arbitrary File Upload

Product
MailCWP
Description
This plugin is prone to a arbitrary file upload vulnerability, because the code in mailcwp-upload.php doesn't check that a user is authenticated or what type of file is being uploaded.
Solution
Update the plugin.
Classification
Type Arbitrary File Upload
OWASP Top 10 A1: Injection
References
Packet Storm Security
CVE
Name CVE-N/A
Versions
Affected In <= 1.99
Fixed In 1.110
Disclosure date
2015-07-10
Credits
Larry W. Cashdollar