WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Helios Solutions Brand Logo Slider <= 2.1 - Authenticated Arbitrary File Upload

Description

An Authenticated user (admin+) can bypass the security check of the plugin and upload arbitrary files via the Brand Logo.

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

hs-brand-logo-slider
No known fix - plugin closed

References

ExploitDB
48913

Classification

Type

UPLOAD

CWE
CWE-434

Miscellaneous

Original Researcher

Net-Hunter

Verified

Yes

WPVDB ID
3aab3cab-13bf-4423-a2d3-e23dbc71c5c2

Timeline

Publicly Published

2020-10-21 (about 2 years ago)

Added

2020-10-21 (about 2 years ago)

Last Updated

2020-11-03 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin