exploitDog

CVE-2023-4019

Опубликовано: 04 сент. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.

Ссылки

https://wpscan.com/vulnerability/0d323b07-c6e7-4aba-85bc-64659ad0c85d
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/0d323b07-c6e7-4aba-85bc-64659ad0c85d
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:riverforest-wp:media_from_ftp:*:*:*:*:*:wordpress:*:*

Версия до 11.17 (исключая)

EPSS

Процентиль: 48%

0.0025

Низкий

8.8 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-jmf8-xh4v-2pr9

CVSS3: 8.8

github

больше 2 лет назад

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.

EPSS

Процентиль: 48%

0.0025

Низкий

8.8 High

CVSS3

Дефекты