Switch:

background

MCERT

Threat Alerts

CVE-2016-10958 (estatik)

16th September 2019 - 22:35

The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. Link: ht... Read more

CVE-2016-10959 (estatik)

16th September 2019 - 22:35

The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/adm... Read more

CVE-2016-10962 (icegram)

16th September 2019 - 22:35

The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter. Link: https://web.nvd.nist.gov/view/vuln/... Read more

CVE-2016-10972 (newspaper)

16th September 2019 - 22:35

The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. Link: https://web.nvd.nist.gov/view/... Read more