Description

WordPress Plugin Cimy User Extra Fields is prone to a Denial of Service vulnerability. Exploiting this issue allows an attacker to delete random server files and 'hide' multiple files on the server, thus denying service to legitimate users. WordPress Plugin Cimy User Extra Fields version 2.6.3 is vulnerable; prior versions are also affected.

Remediation

Update to plugin version 2.6.4 or latest

References

http://www.marcocimmino.net/cimy-wordpress-plugins/cimy-user-extra-fields/all-versions-and-changelog/

Related Vulnerabilities

Drupal Core 8.8.x Security Bypass (8.8.0 - 8.8.9)

Joomla! Core 1.7.0 Information Disclosure (1.7.0 - 1.7.0)

WordPress Plugin Logo Showcase with Slick Slider-Logo Carousel, Logo Slider & Logo Grid Security Bypass (1.2.4)

WordPress Plugin Google Forms Server-Side Request Forgery (0.91)

WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (10.0)

Severity

High

Classification

CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Tags

Missing Update Denial Of Service