exploitDog

CVE-2023-4821

Опубликовано: 16 окт. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.

Ссылки

https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codedropz:drag_and_drop_multiple_file_uploader:*:*:*:*:*:wordpress:*:*

Версия до 1.1.1 (исключая)

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-9c5w-974x-xjxh

CVSS3: 5.4

github

больше 2 лет назад

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.

EPSS

Процентиль: 30%

0.00109

Низкий

5.4 Medium

CVSS3

Дефекты