WordPress Plugin Vulnerabilities
External Media < 1.0.34 - Authenticated Arbitrary File Upload
Description
The wp_ajax_upload-remote-file AJAX action of the plugin was vulnerable to arbitrary file uploads via any authenticated users.
Proof of Concept
Affects Plugins
Fixed in 1.0.34 References
Miscellaneous
Original Researcher
Chloe Chamberland
Submitter
Chloe Chamberland
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-05-13 (about 4 years ago)
Added
2021-05-13 (about 4 years ago)
Last Updated
2021-05-14 (about 4 years ago)
WPScan 