VYPR

RVM WordPress plugin

by WordPress

CVEs (1)

  • CVE-2021-24947MedFeb 7, 2022
    risk 0.42cvss 6.5epss 0.03

    The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server