Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WP-Curricul Vitea Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE
Vulnerability Description
The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
WordPress 插件 代码问题漏洞
Vulnerability Description
WordPress 插件是WordPress开源的一个应用插件。 WP-Curriculo Vitae Free WordPress插件 6.3版本存在代码问题漏洞,该漏洞源于表单允许未经身份验证的用户注册和提交他们的头像和简历文件,没有任何文件扩展名限制,导致RCE。
CVSS Information
N/A
Vulnerability Type
N/A