Remote File Upload Issue in MailCWP Plugin by WordPress
CVE-2015-1000000

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: MailcWP
Vendor: CVE Published:; 6 October 2016

What is CVE-2015-1000000?

The MailCWP plugin for WordPress has a remote file upload vulnerability that allows attackers to upload malicious files through an insecure file upload feature. This can lead to unauthorized access and potential compromise of the website. It is essential to address this vulnerability by updating to the latest version of the plugin to ensure the security of the affected WordPress installations.

References

http://www.vapidlabs.com/advisory.php?v=138

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2016
Vulnerability Reserved
Jun 7, 2016

Wordpress

What is CVE-2015-1000000?

References

EPSS Score

CVSS V3.1

Timeline