CNNVD-202602-470 Information
CNNVD ID
CNNVD-202602-470
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin OS DataHub Maps 1.8.3及之前版本存在代码问题漏洞,该漏洞源于OS_DataHub_Maps_Admin::add_file_and_ext函数文件类型验证不正确,可能导致经过身份验证的攻击者上传任意文件并实现远程代码执行。
Description (English)
WordPress and WordPressplugin are products of WordPress. WordPress is a blog platform developed in the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL-based servers. WordPress plugin is an application plugin. WordPresin OS Datshaub Maps 1.8.3 and previous versions had a code problem loophole, which originated from the incorrect authentication of the type of file of the OS Datshaub Maps Admin::add file and ext function, which could lead to the uploading of any file and remote code execution by an identified assailant.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
WordPress
Published
2026-02-03
Last Modified
2026-02-24
References
https://plugins.trac.wordpress.org/browser/os-datahub-maps/trunk/include/osmap-admin.php?rev=3449192#L67 https://plugins.trac.wordpress.org/changeset/3452323/os-datahub-maps https://www.wordfence.com/threat-intel/vulnerabilities/id/c32ba2a0-a9a7-4f17-8169-912cecc40b7b?source=cve https://plugins.trac.wordpress.org/browser/os-datahub-maps/trunk/os-datahub-maps.php?rev=3449192#L87 https://plugins.trac.wordpress.org/browser/os-datahub-maps/trunk/include/osmap-admin.php?rev=3449192#L51 https://access.redhat.com/security/cve/cve-2026-1730
Patch
https://wordpress.org/plugins/os-datahub-maps
Share on: