The WP-CRM System plugin for WordPress has a security flaw that allows attackers to inject malicious code. This can only be done by someone with administrator-level access or higher. If the attacker also has access to other plugins or themes on the system, they may be able to do more damage, such as deleting files or stealing sensitive information.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
