CVE-2021-24721

CVE-2021-24721

The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations.

Source: CVE-2021-24721

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다