WordPress Plugin Vulnerabilities

Custom Content Type Manager <= 0.9.8.5 - Remote Code Execution

Description

CCTM plugin can be used by an administrator to achieve arbitrary PHP remote code execution.

Affects Plugins

Plugin icon
custom-content-type-manager
Fixed in 0.9.8.6

References

CVE
CVE-2015-3173
URL
https://blog.nettitude.com/uk/custom-content-type-manager-remote-code-execution

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94

Miscellaneous

Submitter
Iain Wallace
Submitter website
http://strawp.net
Submitter twitter
strawp
Verified
No
WPVDB ID
6b3d0736-7f08-4403-95eb-4385cb206f9e

Timeline

Publicly Published
2015-05-21 (about 10 years ago)
Added
2015-07-06 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2025-02-21
Title
Show Me The Cookies <= 1.0 - Unauthenticated Arbitrary Shortcode Execution
Published
2025-02-07
Title
WP All Export Pro < 1.9.2 - Authenticated (ShopManager+) Arbtirary Options Update
Published
2025-06-23
Title
Content No Cache < 0.1.5 - Unauthenticated Arbitrary Function Call
Published
2022-05-18
Title
The School Management < 9.9.7 - Unauthenticated RCE via REST api
Published
2024-07-29
Title
AI Engine < 2.5.1 - Admin+ RCE