ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Cost Estimation plugin < 9.644 - Arbitrary File Upload and Delete vulnerability

Product
WP Cost Estimation & Payment Forms Builder
Description
Arbitrary File Upload and Delete vulnerability found by Wordfence in WordPress WP Cost Estimation (versions <9.644).
Solution
All versions older than 9.644 vulnerable and you should update to the latest available version (at least to 9.644).
Classification
Type Arbitrary File Upload
OWASP Top 10 A4: Insecure Direct Object References
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In < 9.644
Fixed In 9.644
Disclosure date
2019-02-14
Credits
Wordfence
Submitter
ThreatPress