The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-16T12:08:53
Updated: 2024-08-06T03:47:32.957Z
Reserved: 2019-09-13T00:00:00
Link: CVE-2016-10959
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-09-16T13:15:10.447
Modified: 2019-09-16T20:51:34.910
Link: CVE-2016-10959
Redhat
No data.