|Category:||Web application abuses|
|Title:||WordPress Drag and Drop Multiple File Upload Plugin < 220.127.116.11 Unrestricted File Upload Vulnerability|
|Summary:||The Drag and Drop Multiple File Upload plugin for WordPress is prone to an unrestricted file upload vulnerability that can result in remote code execution.|
The allowed file extension list can be bypassed by appending a %,
allowing PHP shells to be uploaded. No authentication is required for exploitation.
Successful exploitation of this issue may allow an attacker to upload files containing
malicious PHP code, which can then be executed remotely.
WordPress Drag and Drop Multiple File Upload plugin before version 18.104.22.168.
Update the plugin to version 22.214.171.124 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2020-12800
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|