The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.
References
Link | Resource |
---|---|
https://github.com/CodeCabin/wp-live-chat-support/blob/master/readme.txt | Third Party Advisory |
https://github.com/RiieCco/write-ups/tree/master/CVE-2018-12426 | Exploit Third Party Advisory |
https://wpvulndb.com/vulnerabilities/9697 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-07-02T17:00:00
Updated: 2019-08-23T17:06:14
Reserved: 2018-06-14T00:00:00
Link: CVE-2018-12426
JSON object: View
NVD Information
Status : Modified
Published: 2018-07-02T17:29:00.303
Modified: 2021-07-20T12:02:07.363
Link: CVE-2018-12426
JSON object: View
Redhat Information
No data.
CWE