Lucene search

[email protected]NVD:CVE-2023-4019

HistorySep 04, 2023 - 12:15 p.m.

CVE-2023-4019

2023-09-0412:15:10

[email protected]

web.nvd.nist.gov

cve-2023-4019

wordpress plugin

unauthorized file movement

rce

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.

Affected configurations

NVD

Node

riverforest-wpmedia_from_ftpRange<11.17wordpress

References

wpscan.com/vulnerability/0d323b07-c6e7-4aba-85bc-64659ad0c85d

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for NVD:CVE-2023-4019

wpexploit1 cvelist1 cve1 prion1 wpvulndb1 wordfence1