Back to search
CVE-2018-12426
Published: Jul 2, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/RiieCco/write-ups/tree/master/CVE-2018-12426
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/9697
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now