Audio Record, 57353b21c6c6cb12ab7c1a3d31d7e8ee2175a245

CVE, Research URL: 57353b21c6c6cb12ab7c1a3d31d7e8ee2175a245
Home page URL: Security reports for Audio Record
Application: Audio Record
Published on: Jan 07, 2019
Research Description: Audio Record [audio-record] <= 1.0 (unfixed + closed) Audio Record <= 1.0 - Arbitrary File Upload The Audio Record plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_record_callback function in versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Affected versions: max 1.0.
Status: vulnerable