SupportCandy <= 2.0.0 - Arbitrary File Upload

Affects Plugin

fixed in version 2.0.1

References

CVE 2019-11223
URL https://cert.kalasag.com.ph/news/research/vulnerable-wordpress-plugin-lets-you-take-over-websites/
URL https://github.com/AngelCtulhu/CVE-2019-11223

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Original Researcher Christian Angel - KALASAG CERT
Views 4495
Verified No
WPVDB ID 9488

Timeline

Publicly Published 2019-04-17 (about 1 year ago)
Added 2019-08-01 (12 months ago)
Last Updated 2020-03-11 (4 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin