Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
CVE-2021-24757

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Stylish Price List
Vendor: CVE Published:; 1 November 2021

Summary

The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images.

Affected Version(s)

Stylish Price List 6.9.0

References

https://wpscan.com/vulnerability/352a9e05-2d5f-4bf7-8da9-...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

apple502j