Security Advisory

CVE-2022-0541

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-04-25 15:50:59

Last updated 2024-08-02 23:32:46

Assigner WPScan

State PUBLISHED

Description

The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.

← Browse all CVEs View on cve.org ↗