Mirror of https://github.com/gobysec/GobyVuls.git (synced 2025-05-06 18:52:01 +00:00)
WordPress Plugin Mailpress 4.5.2 RCE
In the WordPress Mailpress plugin, the subject parameter handled by the iview function in mailpress/mp-includes/class/MP_Actions.class.php is not filtered and is passed to the do_eval function, leading to remote code execution.
Affected version: WordPress Plugin Mailpress <= 4.5.2
FOFA query rule: app="WordPress"
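
An added example (not part of the GobyVuls repository) for checking a WordPress plugins directory against the affected version above: it reads the Version header of the plugin's main PHP file and flags anything at or below 4.5.2, treating an unreadable version as affected. It assumes the plugin is installed in a directory named mailpress, as in the path the advisory gives; the function names are this example's own.

```python
import re
import sys
from pathlib import Path

AFFECTED_MAX = (4, 5, 2)  # advisory: Mailpress <= 4.5.2
VULN_FILE = "mp-includes/class/MP_Actions.class.php"  # file named in the advisory
# WordPress reads "Version:" from the comment header of the plugin's main PHP file.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)


def parse_version(header):
    """Return the leading dotted-numeric version as a tuple of ints, or None."""
    m = VERSION_RE.search(header)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version):
    """True if version <= 4.5.2; an unknown version is treated as affected."""
    if version is None:
        return True
    width = max(len(version), len(AFFECTED_MAX))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(version) <= pad(AFFECTED_MAX)


def audit_plugins(plugins_dir):
    """Return one finding per mailpress directory under wp-content/plugins."""
    findings = []
    for plugin in sorted(Path(plugins_dir).iterdir()):
        if not plugin.is_dir() or plugin.name.lower() != "mailpress":
            continue
        version = None
        for php in sorted(plugin.glob("*.php")):
            # Only the start of the file is inspected, where the header lives.
            head = php.read_bytes()[:8192].decode("utf-8", "replace")
            if re.search(r"Plugin Name:", head, re.I):
                version = parse_version(head)
                break
        findings.append({
            "path": str(plugin),
            "version": version,
            "affected": is_affected(version),
            "vulnerable_file_present": (plugin / VULN_FILE).is_file(),
        })
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    for finding in audit_plugins(sys.argv[1]):  # e.g. /var/www/html/wp-content/plugins
        print(finding)
```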