ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Ultimate Product Catalog Plugin 3.8.6 - Arbitrary File Upload

Product
Ultimate Product Catalogue
Description
Because of this vulnerability, an attacker can upload arbitrary files to WordPress upload directory and manage this plugin with an especific account.
Solution
Upgrade the plugin.
Classification
Type Remote File Inclusion
References
Exploit-DB
0day.today
CVE
Name CVE-N/A
Versions
Affected In <= 3.8.6
Fixed In 3.8.7
Disclosure date
2016-06-27
Credits
i0akiN SEC-LABORATORY