CVE List

CVE-2019-15866

Critical 8.8

The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.

Published September 3, 2019.

Affected software

Crelly Slider Project Crelly Slider

Reference links

Sign Up for Alerts