资产安全
商业安全
安全服务
返回- 漏洞ID:
- 漏洞类型:其他
- 发布日期:2026-01-08 00:00:00
- 更新时间:2026-01-09 00:00:00
- CVE编号:CVE-2019-25296
- CNNVD-ID:CNNVD-202601-1567
- 漏洞平台:WordPress
- CVSS评分:
暂无
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin WP Cost Estimation 9.642及之前版本存在安全漏洞,该漏洞源于lfb_upload_form和lfb_removeFile AJAX操作缺少文件类型验证,可能导致任意文件上传和删除。
来源:wpscan.com 链接:https://wpscan.com/vulnerability/9219 来源:www.acunetix.com 链接:https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wp-cost-estimation-payment-forms-builder-multiple-vulnerabilities-9-642/ 来源:www.wordfence.com 链接:https://www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-estimation-plugin/ 来源:www.wordfence.com 链接:https://www.wordfence.com/threat-intel/vulnerabilities/id/ae50aa5d-95e3-4650-9dbf-118b4ba3abda?source=cve 来源:www.zdnet.com 链接:https://www.zdnet.com/article/another-wordpress-commercial-plugin-gets-exploited-in-the-wild/
微信扫码关注公众号
