The Cyclone Slider Plugin, used up to version 3.2.0, had a security vulnerability which allowed malicious actors with administrator privileges to upload and extract zip files containing web shells. These web shells were disguised as valid images, which the plugin accepted without further checks. This vulnerability could have been used to remotely execute malicious code.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
