WordPress Responsive Thumbnail Slider 1.0 - Authenticated Shell Upload & CSRF
The original advisory states that this vulnerability is exploitable with editor and author roles but this is incorrect. Only the administrator role by default can trigger this vulnerability. However, CSRF on the image upload form makes this exploitable by a malicious actor.
|Proof of Concept||
|Publicly Published||2015-08-31 (over 4 years ago)|
|Added||2015-09-02 (over 4 years ago)|
|Last Updated||2019-10-24 (3 months ago)|
Our Other Services
|Online WordPress Vulnerability Scanner||WPScan WordPress Security Plugin|