Descrição
Low privileged users can use the AJAX action ‘cp_plugins_do_button_job_later_callback’ in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2021-24190
Tags
Nâo informado
Data de publicação
14/05/2021
Última atualização
01/12/2024
Pontuação em CVSS 3.0
8.8
Alto