Description
WordPress Plugin DB Toolkit is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WordPress Plugin DB Toolkit versions 0.1.10 and prior are vulnerable.
Remediation
Update to the latest version
References
Related Vulnerabilities
Moodle Incomplete Cleanup Vulnerability (CVE-2024-38275)
WordPress Plugin Font-official webfonts plugin of Fonts For Web Directory Traversal (7.5)
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-33331)
WordPress Plugin WPML (WordPress Multilingual) Multiple Vulnerabilities (3.1.8.6)