SG Optimizer <= 5.0.12 - Unauthenticated File Upload



Description
According to the original researchers:

"A successful attack on the SiteGround Optimizer would allow bad actors to store backdoors on vulnerable sites."

Affects Plugin

fixed in version 5.0.13

References

URL https://blog.sucuri.net/2019/03/vulnerability-disclosure-siteground-optimizer-caldera-forms.html

Classification

Type TRAVERSAL
CWE CWE-22

Miscellaneous

Original Researcher Sucuri
Submitter Ryan Dewhurst
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 6187
Verified No
WPVDB ID 9233

Timeline

Publicly Published 2019-03-14 (4 months ago)
Added 2019-03-14 (4 months ago)
Last Updated 2019-03-14 (4 months ago)