4.9
CVE-2023-2688
- EPSS 0.17%
- Veröffentlicht 09.06.2023 06:16:11
- Zuletzt bearbeitet 21.11.2024 07:59:05
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginWordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.
Mögliche Gegenmaßnahme
WordPress File Upload Pro: Update to version 4.19.2, or a newer patched version
Iptanus File Upload: Update to version 4.19.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WordPress File Upload Pro
Version
* - 4.19.1
SystemWordPress Plugin
≫
Produkt
Iptanus File Upload
Version
* - 4.19.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Iptanus ≫ Wordpress File Upload SwPlatformwordpress Version <= 4.19.1
Iptanus ≫ Wordpress File Upload Pro SwPlatformwordpress Version <= 4.19.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.39 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
|
| security@wordfence.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|