Pt Luxa Addons
Monthly
Arbitrary file upload in the PT Luxa Addons WordPress plugin (versions 1.2.2 and earlier) allows authenticated users with low-privilege Subscriber accounts to upload attacker-controlled files to a WordPress site, leading to remote code execution and full site compromise. The scope-changed CVSS 9.9 reflects that a minimally privileged WordPress user can pivot to code execution affecting the entire web server. No public exploit identified at time of analysis.
Arbitrary file upload in the PT Luxa Addons WordPress plugin (versions 1.2.2 and earlier) allows authenticated users with low-privilege Subscriber accounts to upload attacker-controlled files to a WordPress site, leading to remote code execution and full site compromise. The scope-changed CVSS 9.9 reflects that a minimally privileged WordPress user can pivot to code execution affecting the entire web server. No public exploit identified at time of analysis.