WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Custom Content Type Manager <= 0.9.8.5 - Remote Code Execution

Description

CCTM plugin can be used by an administrator to achieve arbitrary PHP remote code execution.

Affects Plugins

custom-content-type-manager
Fixed in version 0.9.8.6 - plugin closed

References

CVE
CVE-2015-3173
URL
https://blog.nettitude.com/uk/custom-content-type-manager-remote-code-execution

Classification

Type

RCE

OWASP top 10
A1: Injection
CWE
CWE-94

Miscellaneous

Submitter

Iain Wallace

Submitter website
http://strawp.net
Submitter twitter
strawp
Verified

No

WPVDB ID
6b3d0736-7f08-4403-95eb-4385cb206f9e

Timeline

Publicly Published

2015-05-21 (about 7 years ago)

Added

2015-07-06 (about 7 years ago)

Last Updated

2019-10-31 (about 3 years ago)

Our Other Services

WPScan WordPress Security Plugin