Description
WordPress Plugin Akeeba Backup CORE for WordPress is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WordPress Plugin Akeeba Backup CORE for WordPress version 1.1.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.1.5 or latest
References
Related Vulnerabilities
WordPress Plugin Floating Chat Widget:Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button-Chaty Multiple Cross-Site Scripting Vulnerabilities (2.8.3)
WordPress 5.0.x Prototype Pollution (5.0 - 5.0.15)
WordPress Plugin Ads in bottom right Multiple Vulnerabilities (1.0)
YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4941)
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Unspecified Vulnerability (2.1.12)