Arbitrary File Upload Vulnerability in Crelly Slider Plugin for WordPress

Arbitrary File Upload Vulnerability in Crelly Slider Plugin for WordPress

CVE-2019-15866 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.

Learn more about our Wordpress Pen Testing.