Vulnerabilities > Simple Press > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2020-36706 Unrestricted Upload of File with Dangerous Type vulnerability in Simple-Press Simple:Press
The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0.
network
low complexity
simple-press CWE-434
critical
 9.8
9.8