Art-Picture-Gallery <= 1.2.9 - Unauthenticated Arbitrary File Upload



Description
Edit (WPScanTeam):
March 26th, 2020 - Report Received & Vendor Contacted
March 30th, 2020 - Escalated to WP Plugins team as no response from vendor
March 31st, 2020 - WP Plugins team investigating & Plugin closed
April 2nd, 2020 - Disclosure
Proof of Concept The PoC will be displayed once the issue has been remediated.

Affects Plugin

no known fix
- plugin closed

References

CVE 2018-9206

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Original Researcher Random Robbie
Submitter Twitter Random_Robbie
Views 1445
Verified Yes
WPVDB ID 10163

Timeline

Publicly Published 2020-04-02 (about 2 months ago)
Added 2020-04-02 (about 2 months ago)
Last Updated 2020-04-03 (about 2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin