WordPress Plugin Vulnerabilities

SG Optimizer <= 5.0.12 - Unauthenticated File Upload

Description

According to the original researchers:

"A successful attack on the SiteGround Optimizer would allow bad actors to store backdoors on vulnerable sites."

Affects Plugins

Plugin icon
sg-cachepress
Fixed in 5.0.13

References

URL
https://blog.sucuri.net/2019/03/vulnerability-disclosure-siteground-optimizer-caldera-forms.html

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Original Researcher
Sucuri
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
edf20716-69cf-48d6-bb68-76f25a7ff804

Timeline

Publicly Published
2019-03-14 (about 7 years ago)
Added
2019-03-14 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-06-24
Title
WordPress < 6.5.5 - Contributor+ Path Traversal in Template-Part Block
Published
2026-03-05
Title
Shared Files < 1.7.58 - Contributor+ Arbitrary File Download
Published
2023-11-20
Title
File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal
Published
2021-01-15
Title
Simple Job Board < 2.9.4 - Authenticated Path Traversal Leading to Arbitrary File Download
Published
2026-03-03
Title
FormGent <= 1.5.5 - Unauthenticated Arbitrary File Deletion