CVE-2023-0255

Exploit

EPSS 1.39%
Veröffentlicht 13.02.2023 15:15:21
Zuletzt bearbeitet 21.03.2025 16:15:15
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Enable Media Replace <= 4.0.1 - Authenticated (Author+) Arbitrary File Upload

The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

Mögliche Gegenmaßnahme

Enable Media Replace: Update to version 4.0.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Enable Media Replace

Version *-4.0.1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Shortpixel ≫ Enable Media Replace SwPlatformwordpress Version < 4.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.39%	0.801

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://wpscan.com/vulnerability/b0239208-1e23-4774-9b8c-9611704a07a0

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/38a079c8-181c-4bd8-a45d-e132711029ff

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0255

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0255

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0255

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-0255