8.8

CVE-2023-2877

Exploit

EPSS 69%
Veröffentlicht 27.06.2023 14:15:11
Zuletzt bearbeitet 21.11.2024 07:59:28
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.

Mögliche Gegenmaßnahme

Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder: Update to version 6.3.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

Version [*, 6.3.1)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Strategy11 ≫ Formidable Forms SwPlatformwordpress Version < 6.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	69%	0.986

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/d9f060bd-029a-462e-b308-8366e82be383

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-2877

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2877

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2877

EUVD