CVE-2022-1574 – The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks whe …

27 June 2022

Vuln ID: CVE-2022-1574

Published: 2022-06-27 09:15:09Z

Description: The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server

Source: NVD.NIST.GOV

Date:

27 June 2022

Categorie(s):

NVD

Tag(s):

NVD

7-Year-Old 0-Day in Microsoft Office Exploited to Drop Cobalt Strike27 April 2024
AI Helps Improve About Managed Detection and Response26 April 2024
TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland – SWN #38126 April 2024
Impact of organizational structure on ransomware outcomes: Where does your org fit in?26 April 2024
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets26 April 2024