CVE-2019-15873 – ProfileGrid – User Profiles, Memberships, Groups and Communities < 2.8.6 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2019-15873

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. El plugin profilegrid-user-profiles-groups-and-communities en versiones anteriores a la 2.8.6 para WordPress presenta una ejecución de código remota mediante una solicitud wp-admin/admin-ajax.php con la subcadena action-pm_template_preview&html- • https://wordpress.org/plugins/profilegrid-user-profiles-groups-and-communities/#developers https://wpvulndb.com/vulnerabilities/9086 • CWE-94: Improper Control of Generation of Code ('Code Injection') •