WordPress Plugin Vulnerabilities

Xserver Migrator < 1.6.2.1 - Arbitrary File Upload via CSRF

Description

The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to upload arbitrary files granted they can trick a site administrator into performing an action such as clicking on a link.

Affects Plugins

Fixed in 1.6.2.1

References

Classification

Miscellaneous

Original Researcher
Dimas Maulana
Verified
No

Timeline

Publicly Published
2024-04-29 (about 2 years ago)
Added
2024-05-07 (about 2 years ago)
Last Updated
2024-05-28 (about 2 years ago)

Other