CVE-2023-3720

Exploit

EPSS 0.26%
Veröffentlicht 30.08.2023 15:15:09
Zuletzt bearbeitet 05.05.2025 13:15:49
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Upload Media By URL < 1.0.8 - Stored XSS via CSRF

Upload Media By URL <= 1.0.7 - Cross-Site Request Forgery via 'umbu_download'

The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files (including HTML containing JS code for users with the unfiltered_html capability) on their behalf.

Mögliche Gegenmaßnahme

Upload Media By URL: Update to version 1.0.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Notetoservices ≫ Upload Media By Url SwPlatformwordpress Version < 1.0.8

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Upload Media By URL

Version *-1.0.7

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.172

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/16375a7f-0a9f-4961-8510-d047ffbf3954

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/18a0b8f2-4512-46a5-92a6-66d375c986dd

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3720

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3720

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3720

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3720