Descrição
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2020-35945
Tags
Nâo informado
Data de publicação
01/01/2021
Última atualização
08/12/2024
Pontuação em CVSS 3.0
9.9
Crítico