The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HJoomunited Wp Meta Seo
APPJoomunited< 4.5.5
Powiązane podatności
The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Referer’ header in ...
The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, l...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomUnit...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomUnit...
The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, an...