cleantalk
Vulnerabilities and Security Researches

Stylish Price List – Price Table Builder & QR Code Restaurant Menu, CVE-2021-24770

CVE, Research URL

CVE-2021-24770

Published on
Nov 01, 2021
Research Description
The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated users, such as subscriber, to upload arbitrary images.
Affected versions
Min -, max 6.9.1.
Status
vulnerable