Vulnerability Details CVE-2016-10960
The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.581
EPSS Ranking 98.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://wordpress.org/plugins/wsecure/#developers
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
- https://wordpress.org/plugins/wsecure/#developers
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
Products affected by CVE-2016-10960
-
cpe:2.3:a:joomlaserviceprovider:wsecure:-
-
cpe:2.3:a:joomlaserviceprovider:wsecure:1.0
-
cpe:2.3:a:joomlaserviceprovider:wsecure:2.0
-
cpe:2.3:a:joomlaserviceprovider:wsecure:2.1
-
cpe:2.3:a:joomlaserviceprovider:wsecure:2.2
-
cpe:2.3:a:joomlaserviceprovider:wsecure:2.3