WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Simple:Press < 6.6.1 - Broken Access Control leading to RCE

Description

Jerome Bruandet, from NinTechNet, discovered a broken access control issue in the plugin, which could lead to unauthenticated arbitrary file and RCE.

Affects Plugins

simplepress
Fixed in version 6.6.1

References

URL
https://blog.nintechnet.com/wordpress-simplepress-plugin-fixed-critical-vulnerabilities/

Classification

Type

ACCESS CONTROLS

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Original Researcher

Jerome Bruandet (NinTechNet)

Verified

No

WPVDB ID
27d4a8a5-9d81-4b42-92be-3f7d1ef22843

Timeline

Publicly Published

2020-09-25 (about 2 years ago)

Added

2020-09-25 (about 2 years ago)

Last Updated

2020-09-26 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin