The plugin has a security issue that can be exploited in versions 2.6.3 and below. This can happen when untrusted information is processed in the import function through the ‘shortcode’ parameter. This can give attackers with administrator-level access the ability to inject a PHP Object. If there are other plugins or themes installed on the system, the attacker could potentially remove important files, access confidential information, or run their own code.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
© Really Simple Plugins
CoC 70461155
Kalmarweg 14-5
9723 JG, Groningen (NL)
