WordPress ShowBiz Pro <= 1.7.1 - Authenticated Arbitrary File Upload to RCE
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 5 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
The WordPress ShowBiz Pro plugin version <= 1.7.1 allows arbitrary PHP file upload via the `admin-ajax.php` endpoint. This leads to unauthenticated remote code execution.
References: