NVD:CVE-2023-0924
May 02, 2023 - 8:15 a.m.

CVE-2023-0924

2023-05-02 08:15:09
web.nvd.nist.gov
cve-2023-0924
zyrex popup
wordpress
file upload
vulnerability
high privileged user
administrator
arbitrary files
file system
multisite install

CVSS3: 7.2

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 33.2%

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install.

Affected configurations

Nvd
Node: zyrex popup, Range <1.1, wordpress

Vendor: zyrex
Product: popup
Version: *
CPE: cpe:2.3:a:zyrex:popup:*:*:*:*:*:wordpress:*:*
