The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-10-20T06:35:22.945Z

Updated: 2024-09-12T14:06:14.992Z

Reserved: 2023-06-06T12:42:13.197Z

Link: CVE-2020-36706

cve-icon Vulnrichment

Updated: 2024-08-04T17:37:06.593Z

cve-icon NVD

Status : Modified

Published: 2023-10-20T07:15:14.650

Modified: 2024-11-21T05:30:07.123

Link: CVE-2020-36706

cve-icon Redhat

No data.