WordPress Landing Pages 1.8.8-1.9.0 - Unauthenticated Remote Command Execution

Affects Plugin

fixed in version 1.9.2
- plugin closed

References

CVE 2015-5227
URL https://blog.nettitude.com/uk/cve-2015-5227-zeropress-and-remote-code-execution-in-the-wordpress-landing-pages-plugin

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Submitter ethicalhack3r
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 4900
Verified No
WPVDB ID 8200

Timeline

Publicly Published 2015-09-30 (almost 5 years ago)
Added 2015-09-30 (almost 5 years ago)
Last Updated 2019-10-31 (8 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin