Security Advisory

CVE-2020-24948

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-09-03 14:06:10

Last updated 2024-08-04 15:26:08

Assigner mitre

State PUBLISHED

Description

The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution.

← Browse all CVEs View on cve.org ↗