Vulnerabilities

CVE-2014-8949

by Fred · 16/11/2014

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.

Date published : 2014-11-16

http://www.exploit-db.com/exploits/33076

http://seclists.org/fulldisclosure/2014/Apr/265

Similar

Tags: Cybersecurity Alert