patchstack | Rafie Muhammad (Patchstack) | PATCHSTACK:1337D8BE3B67911ABBD800F3D083F7C1
History: Aug 10, 2023 - 12:00 a.m.

WordPress Avada Theme <= 7.11.1 is vulnerable to Arbitrary File Upload

2023-08-10 00:00:00
Rafie Muhammad (Patchstack)
patchstack.com
Tags: wordpress, avada theme, arbitrary file upload, vulnerable version, fixed version, injection, cve-2023-39307, high, patchstack, contributor, 10 august 2023

CVSS3: 8.5
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 6.8
Confidence: Low

Software: Avada
Type: Theme
Vulnerable versions: <= 7.11.1
Fixed in: 7.11.2
OWASP Top 10: A3: Injection
Classification: Arbitrary File Upload
CVE: CVE-2023-39307
Patch priority: High
CVSS severity: High (8.5)

PSID: 332539b4f8ac
Credits: Rafie Muhammad (Patchstack)
Required privilege: Contributor
Published: 10 August, 2023

Solution

We advise mitigating or resolving the vulnerability immediately.

Affected configurations

Vulners
Node: - avada, Range 7.11.1

Vendor | Product | Version | CPE
- | avada | * | cpe:2.3:a:-:avada:*:*:*:*:*:*:*:*
