← volver
CVE-2020-37227

WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload

CVSS 8.7 HIGHEPSS 0.5%CWE-434
Vexday Risk Score
41Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 8.7EPSS 0.5%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
16 may 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.