PT-2023-11843 · WordPress · Kingcomposer

Jerome Bruandet

Published

2023-06-07

Updated

2023-06-13

CVE-2020-36701

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Page Builder: KingComposer plugin for WordPress versions up to, and including, 2.9.3

Description The issue allows authenticated users with author level permissions and above to upload arbitrary files onto the server, which can be used to execute code on the server. This is possible via the process bulk action function in the kingcomposer/includes/kc.extensions.php file.

Recommendations For versions up to, and including, 2.9.3, consider disabling the process bulk action function in the kingcomposer/includes/kc.extensions.php file as a temporary workaround until a patch is available. Restrict access to the kingcomposer/includes/kc.extensions.php file to minimize the risk of exploitation. Avoid using the process bulk action function until the issue is resolved.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-36701

Affected Products

Kingcomposer

PT-2023-11843 · WordPress · Kingcomposer

CVE-2020-36701

Weakness Enumeration

Related Identifiers

Affected Products

References · 8