5.4
CVE-2023-4821
- EPSS 0.4%
- Veröffentlicht 16.10.2023 20:15:16
- Zuletzt bearbeitet 23.04.2025 17:16:47
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginDrag and Drop Multiple File Upload < 1.1.1 - Unauthenticated Stored Cross-Site Scripting
Drag and Drop Multiple File Upload for WooCommerce <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting
The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.
Mögliche Gegenmaßnahme
Drag and Drop Multiple File Upload for WooCommerce: Update to version 1.1.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Codedropz ≫ Drag And Drop Multiple File Uploader SwPlatformwordpress Version < 1.1.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Drag and Drop Multiple File Upload for WooCommerce
Version
*-1.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.312 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5
https://www.wordfence.com/threat-intel/vulnerabilities/id/abc8ee11-c149-4a2b-a388-7bd234c2cc64