PT-2023-10172 · Unknown · Vaultpress Plugin+1
Published
2023-06-01
·
Updated
2024-05-17
·
CVE-2014-125104
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
VaultPress Plugin versions up to 1.6.0
Description
A critical issue has been found in the VaultPress Plugin, affecting the
protect aioseo ajax function of the class.vaultpress-hotfixes.php file in the MailPoet Plugin component. This issue leads to unrestricted upload and can be exploited remotely.Recommendations
For VaultPress Plugin versions up to 1.6.0, upgrade to version 1.6.1 to address this issue.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mailpoet Plugin
Vaultpress Plugin