PT-2023-25647 · WordPress · Fileorganizer
Dmitrii · Published 2023-09-07 · Updated 2024-09-23
CVE-2023-3664
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FileOrganizer WordPress plugin versions 1.0.2 and earlier
Description
On multisite instances, the plugin does not restrict its functionality, which allows site admins to gain full control over the server. This can potentially lead to attackers manipulating the root folder and accessing sensitive system directories via path traversal.
Recommendations
For FileOrganizer WordPress plugin versions 1.0.2 and earlier, consider disabling the plugin until a patch is available that restricts functionality on multisite instances and prevents unauthorized access.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Related Identifiers
Affected Products
Fileorganizer