exploitDog

CVE-2023-4536

Published: 16 Jan 2024
Source: nvd
CVSS3: 8.8
EPSS: Low

Description

The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated user, such as a subscriber, to upload arbitrary files to the server, leading to RCE.

Vulnerable configurations

Configuration 1
cpe:2.3:a:koalaapps:my_account_page_editor:*:*:*:*:*:wordpress:*:*
Versions before 1.3.2 (excluding)

EPSS

Percentile: 68%
0.00567
Low

8.8 High

CVSS3

Weaknesses

CWE-434

Related vulnerabilities

CVSS3: 8.8
github
about 2 years ago

The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated user, such as a subscriber, to upload arbitrary files to the server, leading to RCE.
