History: Jun 19, 2023 - 11:15 a.m.

CVE-2023-2359

2023-06-19 11:15:10
CWE-94
web.nvd.nist.gov
Tags: slider revolution, wordpress, plugin, arbitrary file upload, rce, cve-2023-2359, nvd

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.9 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 43.6%)

The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.

Affected configurations

Node: themepunch slider_revolution, Range 6.6.12

Vendor | Product | Version | CPE
themepunch | slider_revolution | * | cpe:2.3:a:themepunch:slider_revolution:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Slider Revolution",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "6.6.12"
      }
    ],
    "defaultStatus": "affected"
  }
]
