Beta

Report

AGIL (Automatic Grid Image Listing) <= 1.0 is vulnerable to Arbitrary File Upload vulnerability

Administrator
Published
2022-04-19

The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE

CVE

https://www.cve.org/CVERecord?id=CVE-2021-25119

CVSS

Score:7.2

Severity:High

Version: 1.0

The plugin vendor has not patched this vulnerability at the moment.