Stylish Price List – Price Table Builder & QR Code Restaurant Menu, CVE-2021-24770
- CVE, Research URL
- Home page URL
-
Security reports for Stylish Price List – Price Table Builder & QR Code Restaurant Menu
- Published on
- Nov 01, 2021
- Research Description
- The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated users, such as subscriber, to upload arbitrary images.
- Affected versions
-
Min -, max 6.9.1.
- Status
-
vulnerable