The WPCode WordPress plugin prior to 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow malicious users to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wpcode wpcode |