WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Simple:Press Security Bypass and Arbitrary File Upload Vulnerabilities (4.1.2)

Description

WordPress Plugin Simple:Press is prone to security bypass and arbitrary file upload vulnerabilities. Attackers can leverage these issues to bypass certain security restrictions and to upload and execute arbitrary code in the context of the application. WordPress Plugin Simple:Press versions prior to 4.1.3 are vulnerable.

Remediation

Update to plugin version 4.1.3 or latest

References

http://simple-press.com/security-release-4-1-3-now-available/

http://secunia.com/advisories/39923/

Related Vulnerabilities

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13364)

OpenSSL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2010-3864)

WordPress Plugin Border Loading Bar Cross-Site Scripting (1.0.1)

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud SQL Injection (4.10.8)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-22150)

Severity

High

Classification

CWE-264 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass Unauthenticated File Upload