PT-2023-7876 · WordPress · Mw Wp Form

István Márton

Publicado

2023-11-24

Atualizado

2024-01-17

CVE-2023-6316

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MW WP Form plugin for WordPress versions up to, and including, 5.0.1

Description The issue is related to insufficient file type validation in the single file upload function, allowing unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. The MW WP Form plugin is actively installed on more than 200,000 WordPress websites.

Recommendations For versions up to, and including, 5.0.1, update to a version that fixes the insufficient file type validation issue in the single file upload function to prevent arbitrary file uploads. As a temporary workaround, consider disabling the single file upload function until a patch is available.

Correção

RCE

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

BDU:2023-08947

CVE-2023-6316

Produtos afetados

Mw Wp Form

PT-2023-7876 · WordPress · Mw Wp Form

CVE-2023-6316

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16