Description
WordPress Plugin WP Symposium is prone to multiple vulnerabilities that lets attackers upload arbitrary files. An attacker can exploit these vulnerabilities to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WordPress Plugin WP Symposium version 11.11.26 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 11.12.24 or latest
References
Related Vulnerabilities
WordPress Plugin Simple Download Monitor Multiple Cross-Site Request Forgery Vulnerabilities (3.9.8)
WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.16.68)
MySQL CVE-2016-0639 Vulnerability (CVE-2016-0639)
WordPress Plugin Uploader 'num' Parameter Cross-Site Scripting (1.0.0)
Joomla Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-10238)