CVE-2023-5601

2023-11-0621:15:10

CWE-434

[email protected]

web.nvd.nist.gov

woocommerce

ninja forms

product add-ons

wordpress

plugin

rce

cve-2023-5601

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.

Affected configurations

Vulners

NVD

Node

woocommerceproduct_recommendationsRange<1.7.1

VendorProductVersionCPE
woocommerceproduct_recommendations*cpe:2.3:a:woocommerce:product_recommendations:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
woocommerce	product_recommendations	*	cpe:2.3:a:woocommerce:product_recommendations::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WooCommerce Ninja Forms Product Add-ons",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.7.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]