PT-2017-10991 · Automattic · Wordpress
Larry W. Cashdollar
·
Published
2017-09-14
·
Updated
2017-09-27
·
CVE-2017-1002002
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
webapp-builder version 2.0
Description
The issue concerns a wordpress plugin that includes unlicensed and vulnerable CMS software from http://www.invedion.com/.
Recommendations
For webapp-builder version 2.0, consider removing or disabling the plugin until a patched version is available. As a temporary workaround, restrict access to any components of the plugin that utilize the vulnerable CMS software to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wordpress