WordPress Plugin Vulnerabilities

Plainview Activity Monitor < 20180826 - Remote Command Execution (RCE)

Description

The Plainview Activity Monitor WordPress plugin was affected by a Remote Command Execution (RCE) security vulnerability.

Affects Plugins

Plugin icon
plainview-activity-monitor
Fixed in 20180826

References

CVE
CVE-2018-15877
URL
exploit/unix/webapp/wp_plainview_activity_monitor_rce
URL
https://plugins.trac.wordpress.org/changeset/1930493/plainview-activity-monitor

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
8.8 (high)

Miscellaneous

Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
ab749b6c-c405-40e0-8417-0fe1bdb8537c

Timeline

Publicly Published
2018-08-26 (about 7 years ago)
Added
2018-08-27 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-05-22
Title
TableOn <= 1.0.4.2 - Unauthenticated Arbitrary Shortcode Execution
Published
2025-11-10
Title
Elastic Theme Editor <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2024-10-25
Title
ScottCart <= 1.1 - Unauthenticated Remote Code Execution
Published
2022-02-03
Title
Ad Inserter < 2.7.11 - Admin+ RCE / Stored XSS
Published
2022-02-22
Title
Transposh WordPress Translation < 1.0.8 - Admin+ RCE