8.8
CVE-2023-39307
- EPSS 0.66%
- Veröffentlicht 26.03.2024 21:15:51
- Zuletzt bearbeitet 05.02.2025 15:39:33
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginAvada <= 7.11.1 - Authenticated(Contributor+) Arbitrary File Upload via 'ajax_import_options'
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
Mögliche Gegenmaßnahme
Avada | Website Builder For WordPress & WooCommerce: Update to version 7.11.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Theme
≫
Produkt
Avada | Website Builder For WordPress & WooCommerce
Version
*-7.11.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Theme-fusion ≫ Avada SwPlatformwordpress Version < 7.11.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.66% | 0.702 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 8.5 | 1.8 | 6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.